Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
Fraud Prevention, Detection & Control
JULIUS KAMAU : DIRECTOR TECH AND OPS19th July, 2016
Introduction
• Financial crime is real and affects all business types, all of us are at risk.
• Trends in fraud types, perpetrator characteristics and anti-fraud controls
are similar regardless of where the fraud occurred.
• Small businesses are particularly vulnerable to fraud due to fewer
controls in place.
• We are as strong as our weakest link (People, Process and Systems). Use
technology and systems to reduce fraud risk. Organisations over-rely on
audits as a fraud control.
• Continuous awareness is important. Employee/ Staff/ Customer
education is the foundation of preventing and detecting fraud.
What is Fraud?
3
Fraud is any intentional act or omission designed to deceive others,
resulting in the victim suffering a loss and/or the perpetrator achieving
a gain, usually monetary.
“An act by one party, whether
successful or not, to deprive another
of something by deception”
“Deliberate deception or cheating
intended to gain an illegal advantage”
Some Dictionary Definitions……
Global Fraud Statistics – ACFE Survey 2016
4
ACFE (Association of Certified Fraud Examiners are an association that governs professional fraud examiners globally.
SOURCE : http://www.acfe.com/rttn2016/docs/2016-report-to-the-nations.pdf
% Fraud Prevalence By Industry (PWC)
• Organizations lose 5% of annual revenue to fraud – applied to 2014Gross World Product translates to potential fraud loss of $3.9 Trillion
• Period in which fraud was committed was an average of 18 months
• Asset misappropriation schemes (Fraudulent disbursements, theft ofcash receipts e.t.c.) were most common form of fraud – 83% of allcases
• Financial statement fraud was least common type of fraud – lessthan 10% of all cases reported
• Corruption schemes comprised 35% of cases reported
• Anti-Fraud Controls help reduce cost and duration of fraud
• Fraud most likely detected by Tips(40%) followed by Internal Audit(16%) and management reviews (13%).
Global Fraud Statistics – ACFE Survey 2016
• More than 75% of frauds were committed by individuals in
one of six departments:
• Accounting / Finance
• Operations
• Sales
• Executive / Senior Management
• Purchasing
• Fraud perpetrators often display warning signs –
behavioral red flags that can be used to detect imminent
fraud. These were living beyond means (45%) and
experiencing financial difficulty (30%)
ACFE (Association of Certified Fraud Examiners are an association that governs professional fraud examiners globally.
SOURCE : http://www.acfe.com/rttn2016/docs/2016-report-to-the-nations.pdf
The Threat is real
ACFE (Association of Certified Fraud Examiners are an association that governs professional fraud examiners globally.
SOURCE : http://www.acfe.com/rttn2016/docs/2016-report-to-the-nations.pdf
• Generation X…Y….Z
• Peer Pressure to get rich NOW
Align your PEOPLE
• Lack of adequate controls
Align Your Process• Viruses /
Malware etc.
• Online Banking / Mobile Banking
• ATM Skimming
• Hackers
Align your Technology
Monitor
Review
Asset Misappropriation
Three Common Types of Fraud
1
Corruption
Financial Statement Fraud
2
3
Asset Misappropriation
Asset misappropriation schemes are fraudsin which the perpetrator steals or misusesan organization’s resources. Assets areboth financial assets and non financial(Company Information).
Examples• Clerk stealing cash receipts• Employees “borrowing”
company equipment• Falsified expense reports.• Payroll staff creating ghost
workers• Procurement team create
fictitious vendor and process false invoice
Corruption
Employee’s use of influencein business transactions in away that violates duty to theemployer for the purpose ofobtaining benefit forthemselves or others.
Examples• Procurement
manager awardingcontract to vendorfor a kickback
• HR Manager hiringunqualified “friends”to fill vacancies
Financial Statement Fraud
Intentional mis-statement or omission of material information in theorganization’s financial reports.
Examples• Inflating revenues• Concealing liabilities
and expenses• Improperly valuing
assets
Who commits fraud?
Supplier 4% Client 5% Organised
Crime 6%
Employees
30%
Management
55%
Typical perpetrators
• Male
• 36 to 45 years old
• Commits fraud against his own employer
• Holds a senior management position
• Works in the finance function or
operations
• Employed in the company for more than
10 years
• Works in collusion with another
perpetrator
Fraud Detection Behavioral Red Flags
• Refusal to take vacation or sick leave
• Significant personal debt and credit problems
• Behavioral changes - These may be an indication of drugs, alcohol, gambling, or just
fear of losing the job
• High employee turnover, especially in those areas which are more vulnerable to
fraud
• Lack of segregation of duties in a vulnerable area
• Employee lifestyle changes: expensive cars, jewelry, homes, clothes
• Management decisions are dominated by an individual or small group
• Managers display significant disrespect for regulatory bodies
• Policies and procedures are not documented or enforced
The Fraud Triangle
• Access (physical & System Access)
• Likelihood of detection or penalty (lack of audit; lack of disciplinary action; poor controls
• Greed or need• High Personal
debts• Personal/ Family
financial loss
• The organisation owes me• I am borrowing it• I’ll pay back
Breaking the Fraud Triangle
Breaking the Fraud Triangle entails removing one of the elements in the fraud triangle in order to reduce the likelihood of fraudulent activities.
Of the three elements, removal of opportunity is most directly affected by the system of internal controls and generally provides the most actionable route to deterrence of fraud.
x
Manual Payments
• Easy to counterfeit
• Signatures easily forged
• Easy to intercept
• Delays in account reconciliation
• Does not enforce control processes
• Cannot be completed remotely
Electronic banking
• Secure, encrypted
• Swift to deliver, no risk of being intercepted
• Signatures cannot be forged
• Immediate and automated reconciliation
• Enforce internal processes systematically
• Allows remote access
Banking Today- Electronic Vs Manual
Electronic Banking best practice
• Tokens and PINS to be kept separate
• Under no circumstances should passwords be shared
• Employee should be entitled with appropriate authorization levels
• Transactions should be approved under dual control
• Timely proofing and reconciliation of accounts
• High value transactions should have multiple approvers
• Creation of profiles and issuance of access tokens should beseparated
Cheque Fraud Trends
• Altered cheques- alteration of value and/or payee details
• 1st Party fraud- False documentation used to open an account in the name of the payee
• Encashment- cheques cashed in money exchange bureaus
• Blank cheque theft- interception of an issue cheque where fraudster is subsequently free to enter payee details (value, beneficiary, etc.)
• Cheques intercepted via post or on client premises (Cheque conversion)
• Counterfeit Bankers Cheques
Cheque Fraud Trends
• Cheques should be stored internally under dual control
• Blank areas left on cheques should be crossed
• If possible images of high value chequesshould be retained for reference purposes
• Cheques could be delivered in non-company branded envelopes
• Cheques of higher value if possible could be sent by recorded delivery or courier
• Cheques should not be pre-signed
• Separate cheque writers from cheque signors
• Avoid keeping signed Cheques for long without depositing in the bank.
Card not present
Three Common Types of Fraud
Lost and Stolen
Counterfeit/ Skimming
What is the most common type of card fraud?
Phishing
Cardholder Hints and Tips• Look after your cards and PINs at all times
• Do not let your card out of your sight when making a transaction
• Ensure that you are the only person that knows your PIN
• Shield your PIN with your free hand when using it at the ATM
• Never leave your card unattended in a public place
• Check your receipts and statement and report any irregularities to your bank
• Make sure that you have your Card issuer’s number with you
• Make sure that your Card issuer has your up to date contact details so they can reach
you quickly if needed
• Only shop online on secure sites: “https”
• Never provide details of your PIN. The merchant does not need it for online or
telephone purchases
Life After Fraud
• Fraud is real and has many implications
• Loss of Customer Trust & reputation
• Loss of Funds
• Termination of Employment or Jail time
• Once a fraud Occurs The following are key tips to follow
• Stop further loss i.e. Contact your bank, deactivate system access to all.
• Review all systems, people, processes involved and identify culprits
• Conduct forensic investigation to establish extent of loss
• Involve relevant authorities to try recover funds
• Manage your customers, be honest.
• Invest in prevention for the future.
Prevention – Is Better Than CureAction Activities / Details
Set the tone at the top = Lead by example
• Responsibility of Directors and Officers• Behave Ethically and communicate expectations to staff• Treat all staff equally and have zero tolerance to integrity
related issues.
Create a positive workplace environment (Anti Fraud Culture)
• Focus on employee morale• Empower staff with fraud awareness training• Communication culture. Establish whistleblower process.• Enforce technology, processes and controls that mitigate
risks e.g. regular snap audits and reviews.• Establish an ethical code of conduct and ensure staff are
Hire and promote appropriate employees
• Conduct background checks before hiring or promoting• Continuous and objective evaluation of compliance with
entity values• Address violations immediately• Consequences of fraud should be clear
Prevention – Is Better Than CureAction Activities / Details
Establish an oversight process
• Audit & Risk committee• Establish anti fraud policies and management KPIs to
minimize fraud• Internal Audit Departments• Conduct annual fraud risk assessment.
Employstringent security measures
• Use Electronic payment – have audit trail• Ensure you have updated antivirus• Invest in IT Security and Governance (Firewalls, SIEM, )• Protect sensitive data• Ensure Data Loss prevention (Emails, USB, Server
controls)• Ensure proper data back ups are in place• Ensure systems have maker – checker• User profile reviews to ensure users have appropriate
access and rights
Thank You
CASH MANAGEMENT PRESENTATION
Sally Chege
Head, Transactional Banking 19th July, 2016
28
1 Payment & Collection Solutions
2 NIC Online Banking
3 Cash Delivery/Collection -CIT
4 Bankers Cheque
5 Bulk Mpesa Payments
6 Wagepoint
7 Utility Payments
8 Tax & Duty Payments
9 Summary
10 Q & A
11 Disclaimer
Agenda
Payments and Collections Solutions
7
Payments
Collections
Channels
Bank Branches
Agency Banking (Postbank)
ATMS – NIC ATMs, Pesa Connect and KenSwitch affiliated ATMs
NIC Online Banking
Mobile Banking
EFT, RTGS, KITs, Internal Transfers, Swift/TT, Bankers cheques
Mobile Payments -Mpesa
Tax payments
Bulk Payments ( Salaries, Supplier Payments)
Utility & Bill payments
Petty Cash requests
Credit card Payments( NIC Credit card holders only)
Branch Deposits
Electronic Collections (Direct debits, Telegraphic Transfers, EFT, RTGS)
Cash Collection /Cash in Transit services
Cheque collection – (Online & Courier)
Mobile collections –Paybill and Lipa na Mpesa till settlements.
• Access to banking services
• Access to Local Clearing
• Access to Online Banking & Swift
• Control over disbursements
• Standard Payment Templates
• Access to on-site cash
• Access to network bank branches
Provides Access To Products / Services
Availability 24hours
Internet/Web Based
Real-time information
Provides historical data
Provides reconciliation reports
Statements in CSV and PDF format
Integration with any operating system
Pay instantly or future date your payments
Maintain beneficiary information templates
Bulk payments for Salaries & Supplier payments
Access group account information in NIC through a single view
NIC Online Banking
Key Features
NIC Online Banking
o Two-factor Authentication User Access
o Firewall Protection & Intrusion Detection Systems
o Multiple authorization levels
o Email/SMS Alerts
o One Time Password (OTP)
o Unique Token
Secure Online Banking Platform
o Role Based
Cash
Cash Delivery/Collection Services (Cash-In-Transit)
32
Key Features
Benefits
• NIC Bank partners with various CIT service providers
• Cash in Transit services available for both cash delivery and collection
• Suitable for customers with the need for bulk payments and collections
• Petty cash requests can be placed through NIC Online banking
• Eliminates/minimizes cash handling risks
• Allows you to stay in control of your finances at all times
• Flexible and convenient
• Operational efficiency
Bankers Cheques
33
Key Features
Benefits
• Customers can request for bankers cheques through NIC Online Banking
• Authorized agents can then collect the bankers cheques at the preferred NIC
Branch
• Eliminates risk of fraud through secure transmission of instructions
• Guards against fraud – keeps account information confidential
• Efficiency – online requests for bankers cheques
• Control over your account operations
• Immediate reconciliation
Bulk Mpesa Payments
34
Key Features
Benefits
• Bulk Mpesa payment solution to facilitate low value disbursements
• Enables clients to make payments to their beneficiaries on their mobile phones
• Funds can be transferred in a quickly and conveniently to multiple beneficiaries
• This payment module can be accessed through our online banking platform
• Speedy Transfers
• Wider Reach
• Accessibility
• Convenient
• Reduced Risk
• Simplified payment process
Wagepoint
35
Key Features
Benefits
• Solution tailored for corporate clients with large no. of unbanked staff, receive
small wages on regular basis and/or are located in remote areas
• Enables corporates to pay salaries and wages to their workers through the use
of virtual cards and ATMs
• The client’s employees don’t need to have a bank account with the bank
• Provide more convenience to both employer and employee
• Reduce cash payroll security risk for the employer and the employee
• Provide un-banked workers with a secure cash payment and management
solution
• Create further payout efficiencies, including more worker productivity
Utility Payments
36
Key Features
Benefits
• NIC Bank has partnered with merchants and billers and avails billing services
• Allows clients to make utility payments conveniently from NIC Online or Mobile
Banking
• HELB Payments
• Power and water bills
• Cable TV and Internet access
• Mobile phone bills
• Nairobi County Payments
Tax & Duty Payments
37
Key Features
Benefits
• NIC Bank is a KRA collection agent and clients can pay for all types of duties and
taxes through NIC Online banking and any NIC Bank branch
• NIC Bank has integrated its systems with KRA iTAX system that allows for
exchange of data to facilitate duty and tax payments
• Automated reconciliation of duty and tax amounts through validation of the
KRA e-slip
• Allows for urgent and timely settlement of duties and taxes
• Eliminates the need for queuing at the bank to make payment
• Eliminates the need to procure bankers cheques for KRA duty and tax
payments
Summary
NIC Online Banking for viewing and transacting on your account conveniently and with ease
Ability to pay duties and taxes through NIC Online and at any NIC Branch
Secure cash payment and collections through cash in transit
Ease of paying salaries and wages through Wagepoint and mobile bulk Mpesa solutions
01
02
03
04
39
Thank you
Disclaimer
41
NIC Bank Limited and its subsidiaries (hereinafter referred to as “Bank”) presentations/exhibitions of their products and services are provided by the Bank for information purposes only. They are not be used or considered as an offer to sell or a solicitation of an offer to buy any financial product or service.
Although all reasonable care has been taken to ensure that the information herein is not misleading, the Bank makes no representation or warranty, expressed or implied as to its accuracy or completeness. The communication of this Presentation is restricted by law and it is not intended for distribution or use by any person in, any jurisdiction where such distribution or use would be contrary to local law or regulation.
Any opinions expressed are subject to change without prior notice. No representations or warranties, express or implied are given in, or in respect of, this presentation. To the fullest extent permitted by law, in no circumstances will the Bank, or any of its affiliates, representatives, employees or agents be responsible or liable for any direct, indirect or consequential loss or loss of profit arising from the use of this Presentation, its contents its omissions, or reliance on the information contained within it, or on opinions communicated in relation thereto, or otherwise arising in connection therewith.
Recipients of this Presentation are not to construe its contents, or any prior or subsequent communications from or with the Bank or its representatives as investment, legal or tax advice. In addition, this Presentation does not purport to be all-inclusive or to contain all of the information that may be required to make a full analysis of the Bank Recipients of this Presentationshould make their own evaluation of the Bank and of the relevance and adequacy of the information contained in this presentation and should make such other further investigations as they deem necessary.
This information may not be disclosed outside of, other than to professional advisers engaged specifically by to evaluate theproposal, and shall not be duplicated, used or disclosed in whole or in part for any purpose other than to evaluate this proposal. If any information is disclosed to such professional advisers it shall ensure that such persons maintain the confidential nature of this proposal.