Embed Size (px)
Citation preview
Risk Management: Preventing fraud.
¿What are the central securities depositories doing to mitigate this risk?
Santiago de Chile, April 4, 2014
2©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
Content
I. Contextualization
1. ¿What is fraud?2. ¿Who is the typical fraudster?3. Cost of the fraud
II. Risk of fraud in the industry
1. Kinds of fraud the industry is facing2. Industry-specific risk
III. Mitigating these risks
1. Fraud management system2. Prevention, detection and response mechanisms
3©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
¿What is fraud?
Generally, fraud is described as a deliberate act of abuse of trust, taking advantage of swindles, it is done for profit without the consent of the concerned company.
4©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
Profile of the typical banking and financial sector fraudster
5©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
Economic damage caused by fraudulent activities
The damage caused by financial fraud amount to 3.5 trillion USD globally. The main reason of impact in the financial industry is given by:
0% 5% 10% 15% 20% 25% 30%
9%
11%
14%
18%
22%
26%Management override
Overconfidence and lack of supervision
Avarice
Weak ethical culture
Financial goals pressures
Economic context pressures
6©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
.
Most common kinds of fraud
Typically, in the financial industry fraud committed by:
7©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
Irregularities related to theft of money using invoices
Robbing money using invoices
False sales and/or non-registered sales.Sales of the investors securities hiding or altering the true records.
Payment alteration and/or non-registered payments.Dividend payments made to third parties unidentified.
Alteration and/or submission of false information.The lack of detection mechanisms for false information, allows the third party investors accounts to be violated.
Lack of integrity of the information stored in the database.The lack of integrity in the data, leads the information in databases to be inaccurate, incorrect and easily lost.
8©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
Irregularities related to fraudulent disbursements
Fraudulent Disbursements
Alteration and/or duplication of investors accounts.This kind of illicit fact is used to make double, parallel or bartered payments.
Lack of control over unidentified investors.The lack of controls over unidentified investors, allows the investors accounts to be easier to perpetuate.
Alteration of beneficiaries.Changes the beneficiary information in order to make securities' sales, or third party payments
Lack of communication and/or control with the emitter.A non-approved dividend payments by the issuer, generating erroneous payments or benefiting a third party.
9©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
Irregularities related to cybercrime
Cybercrime
Unauthorized access (Social engineering & Hacking).The lack of strong controls allows the access to confidential information.
Identity theft.Investors’ identity theft in order to generate payments to a third party.
Intercept information.Through controls penetration or social engineering.
Websites’ identity theft.Phishing - Computer Abuse in order to acquire sensitive information from third parties.
10©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
Companies in the financial industry that has a fraud risk management program
0% 10% 20% 30% 40% 50% 60% 70% 80%
6%
66%
28%
6%
71%
23%
2011 2013
Yes
No
Do not know
11©2014 KPMG Advisory Services Ltda., sociedad colombiana de responsabilidad limitada y firma miembro de la red de firmas miembro independientes de KPMG afiliadas a KPMG International Cooperative (“KPMG International”), una entidad suiza. Derechos reservados. Tanto KPMG como el logotipo de KPMG son marcas comerciales registradas de KPMG International Cooperative (“KPMG International”), una entidad suiza.
Mitigating the fraud risk
Fraud risk management program:
Prevention Detection Response
Supervised by: Board of Directors / Audit Committee, control and compliance areas (Risk Management and
Internal Audit)
Fraud Risk Assessment
Company network firewalls
Due Diligence of employees and
third parties
Anti-corruption policies and
manuals
Training the internal audit team
Anonymous reporting
mechanisms (line ethics)
Audit supervision and
control areas
Proactive Data Analysis (DA)
Data mining of critical business
Monitoring routines
Internal investigation
protocols
Fraud risk matrix for all the
organization
Corrective actions protocol
