Fraud remains high on the list of risks companies of all kinds face. The handling of money and assets combined with high reliance on digital processes and ongoing market pressure make banks especially vulnerable. This article gives an overview over the topic and shows how banks can protect themselves.
What is fraud?
Fraud is a collective term for various types of white-collar crime in general and corporate crime in particular refers to deliberate actions, toleration or omissions which, for the purpose of personal enrichment, are likely to impair the success of the company or cause damage to third parties.
Fraudulent activity can be carried out by one individual, multiple individuals or a firm as a whole. Fraud costs the economy billions of francs each and every year, and those who are caught are subject to criminal charges. When a fraud extends to a broad network across management and third parties, it can be very difficult to identify and analyse. Often, the perpetrator of fraud is aware of information that the intended victim is not, allowing the perpetrator to deceive the victim. As such, the individual or company committing fraud is taking advantage of information asymmetry.
Where are banks exposed to fraud?
Your key risk factor (independent of the industry) is the one that walks through your doors or logs onto your systems every day – your employee. Banks are exposed in numerous ways and their fraud risks include:
- Investment fraud, pump & dump schemes, insider offences
- Computer/cyber crime
- Accounting fraud, misuse of internal accounts
- Loan/mortgage fraud
- Credit card fraud
- Corruption, money laundering
- Expenses fraud, fake invoices
- Stealing from customer’s accounts or unsolicited transfers between clients
Resulting risks from fraud are not only financial and operational risks but also reputational risks, that damage a bank’s key asset - the customer’s trust.
When does fraud happen?
Fraud occurs when three factors are present. The American criminologist Donald R. Cressey identified and defined these as:
- Motive: The person committing fraud usually has an actual or perceived financial need or feels let down by the company.
- Rationalisation: The majority of the perpetrators do not view themselves as criminals, but rather as people, who find themselves, due to no fault of their own, in an unfortunate situation. In order to protect themselves from getting a guilty conscience, they develop a justification for their crime, i.e. this might be “I have just borrowed the money and I will pay it back later” or “I am the person with the highest profit margin and I am therefore entitled to the money”.
- Opportunity: The person committing fraud must have the opportunity to do so, by making use of deficiencies in internal control systems and by abusing trust bestowed in him by the company or by other employees.
Predominant leadership styles build on trust and empowerment. There is no known direct linkage between leadership style and fraud frequency, but different styles bring different challenges. More trust and empowerment can bring a weaker control-mindset with them, which can lead to higher commitment and more self-control. On the other hand, stringent controls with no trust can cause frustrated employees. There is no right or wrong culture, and one should not compare apples to oranges. A proven weapon is nurturing high ethical standards, such as integrity and the possibility to speak up, voice concerns and admit to mistakes as well as the appropriate “tone from the top”, as the apple never falls far from the tree.
How can you protect yourself?
The key components of your anti-fraud toolkit should consist of a healthy company culture combined with a solid corporate governance and a thought-through internal control system as well as internal and external auditors and capital markets supervision (in the case of listed entities). The following steps will reduce your fraud risk substantially:
- Review and reinforce values and strategy: Manage with a longer-term perspective rather than short-term goals, and eliminate contradictions and inconsistencies between stated values and actual priorities.
- Clarify responsibilities: The prevention and detection of fraud within a company is primarily the responsibility of the management under the oversight of those charged with governance.
- Ensure solid internal control systems: Internal controls are the mechanisms, rules, and procedures implemented by a company to ensure the integrity of data and adherence to regulation, promote accountability and prevent fraud. The “three lines of defense” model also helps protect companies from material fraud.
- Transparency and Training: Specifically assess your internal and external fraud risk along all lines of business, define risk tolerances, mitigation and reporting including whistleblowing mechanisms and formalise this in internal policies and training.
- Use technology and evaluate technological changes: Update your current systems with new technology, to empower your risk managers, compliance officers and auditors to identify anomalies, unusual transactions and patterns through data analytics and data mining. Assess new developments (such as open banking interfaces) for their fraud implications.
What to do, when you suspect or identify fraud?
Most companies encounter fraud in one or the other manner, some more than once or even frequently. Usually companies detect fraud themselves, sometimes with the help of auditors. By implementing the before-mentioned protective steps important precautions are being taken to effectively prevent fraudulent activities. In cases when fraud does occur though, it is of utmost importance to handle the case with care so as to secure information, limit damage and to remain in charge of the situation. Most companies seek help from forensic experts, auditors or trusted consultants to benefit from their independence coupled with experience and expertise.
A last word
The steps and recommendations are clustered around Social and Governance factors that help companies to become more sustainable – also in respect to fraud. By following the above-mentioned recommendations and by strengthening your control systems, you will safeguard your company. Especially with changes in business strategy, new processes and increased digitisation, a timely and independent thorough review is called for so as to align business activities, risks, processes and controls and to help avoid apples turning rotten or spreading to others.