BANKING FRAUD
UNITEDWORLD SCHOOL OF BUSINESS PGPM COURSE 2011- 2013. Under the Guidance of Prof. R. Krishnan.
Students Declaration
I hereby declare that this report, submitted in partial fulfillment of the requirement for the award of the Post Graduate Program in Management, to Unitedworld School of Business is my original work and used anywhere for award of any degree or diploma.
Place: Mumbai Date: -------------------Signature Name: Mufadal Mahimwala Class: PGPM VI Term Enrollment No.:
Certificate
This is to certify that the dissertation submitted in partial fulfillment for the award of PGPM of Unitedworld School of Business is a result of the bonafide research work carried out by Mr. Mufadal Mahimwala E Roll No. 020301013 under my supervision and guidance. No part of this report has been submitted for award of any other degree or diploma.
Date: Place: Mumbai Faculty Guide: Prof. R. Krishnan Signature: Unitedworld School of Business.
Table of Content.
Sr.No. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 167. 17. Topic EXECUTIVE SUMMARY INTRODUCTION TYPES OF BANKING FRAUD INSIDER FRAUD FRAUD PERPETRATED BY OUTSIDE PARTIES ISSUE FUTURE TREND ABOUT THE SURVEY RETAIL BANKING PROIRITY SECTOR BANKING OTHERS WHO COMMITED THE FRAUD HOW WAS IT DISCOVERED HOW LONG DID IT TAKE TO UNCOVER FRAUDS WHAT WAS THE RESPONSE TO FRAUD? HOW ARE BANKS GEARED TO FIGHT THIS MENACE? PROTECTING YOURSELF FROM BANK FRAUD BIBLIOGRAPHY Pg. No. 5 6 7 7 18 20 22 24 28 29 31 32 32 33 34 35 39 41
EXECUTIVE SUMMARY
The Indian banking and financial services sector has witnessed exponential growth in the last decade. This growth has not been without its pitfalls as incidents of fraud in the industry have also been on the rise. The survey shows that banks have witnessed a rise in the number of fraud incidents in the last one year, and the trend is likely to continue in the near future. The survey points to the increased difficult scenario for banks with increased fraud incidents and low recoveries, thereby directly affecting their bottom- line. With increased regulatory scrutiny, banks are under increased pressure to implement best practices and fraud risk management framework. However, as indicated from the survey, this still appears to be work in progress in many of the organizations Risks are inherent in the banking business. In todays economic climate, the adage prevention is better than cure has never been more accurate. No organization can be completely immune to fraudulent activity but steps can be taken to reduce the exposure to financial loss and reputational damage, which are common consequences of fraud survey for the banking industry was aimed at gaining an insight into the fraud scenario in the industry, the areas that incur the maximum number of fraud incidents and the measures organizations are taking to fight the menace survey focuses on the key challenges facing the banking industry in fighting fraud. The objective of the survey is to gain an insight into the current scenario on frauds in the industry, the areas that are prone to fraud, and the way organizations are fighting this menace and preparing for the future This survey has been developed based on the survey questionnaire responses received from banks in India including public sector banks, private sector banks, c o-operative banks and multi-national (MNC) banks. We have consciously attempted to include a variety of banks with different sizes and type of operations to obtain a comprehensive picture of the fraud environment in the country. The survey covers the following key topics 1. What is happening Current perception of fraud in the country/industry Fraud incidents encountered by the banks Average loss and ability to recover
2. What is the Issue Fraud prone areas Root cause analysis Detection mechanism 3. How are banks geared to fight the menace Anti-Fraud framework Role of technology
INTRODUCTION
Bank fraud is the use of fraudulent means to obtain money, assets, or other property owned or held by a financial institution, or to obtain money from depositors by fraudulently representing to be a bank or financial institution. In many instances, bank fraud is a criminal offense. While the specific elements of a particular banking fraud law vary between jurisdictions, the term bank fraud applies to actions that employ a scheme or artifice, as opposed to bank robbery or theft. For this reason, bank fraud is sometimes considered a white-collar crime. Bank fraud is a crime that has been around as long as banks themselves. Anytime there is a large amount of money floating around, there are going to be people trying to figure out ways to get to it. In the United States, and most other developed countries, bank fraud is a serious problem that causes billions of dollars in damages every year, and is considered a federal offense. In China bank fraud is even punishable by death. Bank fraud is defined as attempting to wrongfully take money or property from a federally insured financial institution. That doesnt mean the banks are the only victims though. Millions of people every year fall victim to monetary damages that are caused by bank fraud.
Identity Theft:
When a bank employee steals personal information from customers in order to sell the information or to make fraudulent purchases using a stolen identity.
Stolen checks:
A scan of a counterfeit cashier's check that is made to appear to be issued by Wells Fargo Bank. Some fraudsters obtain access to facilities handling large numbers of checks, such as a mailroom or post office or the offices of a tax authority (receiving many checks) or a corporate payroll or a social or veterans' benefit office (issuing many checks). A few checks go missing; accounts are then opened under assumed names and the checks (often tampered or altered in some way) deposited so that the money can then be withdrawn by thieves. Stolen blank checkbooks are also of value to forgers who then sign as if they were the depositor.
Cheque kiting
Cheque kiting exploits a system in which, when a cheque is deposited to a bank account, the money is made available immediately even though it is not removed from the account on which the cheque is drawn until the cheque actually clears.
Accounting fraud
In order to hide serious financial problems, some businesses have been known to use fraudulent bookkeeping to overstate sales and income, inflate the worth of the company's assets or state a profit when the company is operating at a loss. These tampered records are then used to seek investment in the company's bond or security issues or to make fraudulent loan applications in a final attempt to obtain more money to delay the inevitable collapse of an unprofitable or mismanaged firm. Examples of accounting frauds: Enron and WorldCom. These two companies "cooked the books" in order to appear as they had profits each quarter when in fact they were deeply in debt.
Uninsured deposits
There are a number of cases each year where the bank itself turns out to be uninsured or not licensed to operate at all. The objective is usually to solicit for deposits to this uninsured "bank", although some may also sell stock representing ownership of the "bank". Sometimes the names appear very official or very similar to those of legitimate banks. For instance, the "Chase Trust Bank" of Washington D.C. appeared in 2002 with no license and no affiliation to its seemingly apparent namesake; the real Chase Manhattan Bank is based in New York. Accounting fraud has also been used to conceal other theft taking place within a company.
kind of fraud will be discovered only when the head office does the branch-wise reconciliation, which normally will take 6 months. By that time the money is irrecoverable.
Rogue traders
A rogue trader is a highly placed insider nominally authorised to invest sizeable funds on behalf of the bank; this trader secretly makes progressively more aggressive and risky investments using the bank's money, when one investment goes bad, the rogue trader engages in further market speculation in the hope of a quick profit which would hide or cover the loss. Unfortunately, when one investment loss is piled onto another, the costs to the bank can reach into the hundreds of millions of dollars; there have even been cases in which a bank goes out of business due to market investment losses. Some of the largest bank frauds ever detected were perpetrated by currency traders John Rusnak, and Nick Leeson. Jrme Kerviel, allegedly defrauded Socit Gnrale of 4.9 billion euros ($7.1 billion) us dollars, while trading stock derivatives.
Fraudulent Loans:
Fraudulent loans can occur when a loan officer within a bank forges documents, creates false entities, or lies about the ability of the applicant to repay in order to borrow a sum of money from the bank that they never intend to repay. One way to remove money from a bank is to take out a loan, a practice bankers would be more than willing to encourage if they know that the money will be repaid in full with interest. A fraudulent loan, however, is one in which the borrower is a business entity controlled by a dishonest bank officer or an accomplice; the "borrower" then declares bankruptcy or vanishes and the money is gone. The borrower may even be a
10
non-existent entity and the loan merely an artifice to conceal a theft of a large sum of money from the bank.
Fraudulent Institutions:
This is a form of fraud where an entire bank is fraudulently created. The bank is illegal, and uninsured. The scam revolves around people making uninsured deposits to the bank, only to have the bank, along with their money, eventually disappear.
Forged Documents:
11
A forged document claiming that a sum of money has been transferred to another account or something similar can be valuable to a con artist who doesnt want the bank to notice any missing money. Forged documents are often used to conceal other thefts; banks tend to count their money meticulously so every penny must be accounted for. A document claiming that a sum of money has been borrowed as a loan, withdrawn by an individual depositor or transferred or invested can therefore be valuable to a thief who wishes to conceal the minor detail that the bank's money has in fact been stolen and is now gone.
Wire Fraud:
Its common place for banks to wire large sums of money on a daily basis. An insider can fraudulently wire money to a personal account at an offshore bank. It may take a bank months or even longer to notice the missing funds. Whenever people are put in a position to handle large amounts of money, and the opportunity for fraud presents itself, it is always a serious threat. Banks and financial institutions are constantly updating security to prevent insider fraud. The documented cases of fraud have been on the decline over the last couple of decades. While computer tracking and improved security certainly deter fraudulent practices, the threat still exists, and insider fraud still occurs on a regular basis. Wire transfer networks such as the international SWIFT interbank fund transfer system are tempting as targets as a transfer, once made, is difficult or impossible to reverse. As these networks are used by banks to settle accounts with each other, rapid or overnight wire transfer of large amounts of money are commonplace; while banks have put checks and balances in place, there is the risk that insiders may attempt to use fraudulent or forged documents which claim to request a bank depositor's money be wired to another bank, often an offshore account in some distant foreign country. There is a very high risk of fraud when dealing with unknown or uninsured institutions.
12
The risk is greatest when dealing with offshore or Internet banks (as this allows selection of countries with lax banking regulations), but not by any means limited to these institutions. There is an annual list of unlicensed banks on the US Treasury Department site which currently is fifteen pages in length.
Booster cheques
A booster cheque is a fraudulent or bad cheque used to make a payment to a credit card account in order to "bust out" or raise the amount of available credit on otherwiselegitimate credit cards. The amount of the cheque is credited to the card account by the bank as soon as the payment is made, even though the cheque has not yet cleared.
13
Before the bad cheque is discovered, the perpetrator goes on a spending spree or obtains cash advances until the newly-"raised" available limit on the card is reached. The original cheque then bounces, but by then it is already too late.
14
present in the account or to prevent a check from being returned due to non-sufficient funds. United States banking law makes the first $100 immediately available and it may be possible for much more uncollected funds to be lost by the bank the following business day before this type of fraud is discovered. The crime could also be perpetrated against another person's account in an "account takeover" or with a counterfeit ATM card, or an account opened in another person's name as part of an identity theft scam. The emergence of ATM deposit technology that scans currency and checks without using an envelope may prevent this type of fraud in the future.
Bank impersonation
Fraudsters may set up companies with names that sound similar to existing banks, or assume titles conferring notability to themselves for plausibility, then abscond with the deposited funds. Impersonation has become an increasing problem; the scam operates by obtaining information about an individual, then using the information to apply for identity cards, accounts and credit in that person's name. Often little more than name, parents' name, date and place of birth are sufficient to obtain a birth certificate; each document obtained then is used as identification in order to obtain more identity documents. Government-issued standard identification numbers such as "social security numbers" are also valuable to the fraudster. Information may be obtained from insiders (such as dishonest bank or government employees), by fraudulent offers for employment or investments (in which the victim is asked for a long list of personal information) or by sending forged bank or taxation correspondence. Some fictitious tax forms which purported to have been sent by banks to clients in 2002 were:
15
W-8BEN Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding W-8888
The actual origin of these forms is neither the bank nor the taxman they're sent by would-be identity thieves and W-8888 doesn't exist, W-9095 is also fictitious (the real W-9 asks much less info) and W-8BEN is real but may have been tampered to add intrusive additional questions. The original forms on which these fakes were based are intended to collect information for income tax on income from deposits and investment. In some cases, a name/SIN pair is needed to impersonate a citizen while working as an illegal immigrant but often the identity thieves are using the bogus identity documents in the commission of other crimes or even to hide from prosecution for past crimes. The use of a stolen identity for other frauds such as gaining access to bank accounts, credit cards, loans and fraudulent social benefit or tax refund claims is not uncommon. Unsurprisingly, the perpertators of such fraud have been known to take out loans and disappear with the cash, quite content to see the wrong persons blamed when the debts go bad or the police come calling. Some corporations have engaged in over-expansion, using borrowed money to finance costly mergers and acquisitions and overstating assets, sales or income to appear solvent even after becoming seriously financially overextended.
16
governments and central bankers. However, these official-sounding phrases and more are the hallmark of the so-called "prime bank" fraud; they may sound great on paper, but the guaranteed offshore investment with the vague claims of an easy 100% monthly return are all fictitious financial instruments intended to defraud individuals.
17
Check Fraud:
There are a variety of ways to commit check fraud. The basic premise is that a check is forged, or deposited and then withdrawn before the check can be returned for nonsufficient funds.
Fraudulent Accounting:
Documents can be forged to inflate the perceived value of a company. This is used to attract large investments from the banks, when in reality the company may be worthless and never intends on giving the bank any return on their investment.
Stealing Identities:
Identity theft doesnt only happen due to banking insiders. Personal information may be stolen via fake documents, phishing for information on the internet, through computer systems, or through various other avenues. The information is then used to take out loans or apply for credit cards using the victims personal information.
18
Money Laundering:
Money laundering simply refers to hiding the source where a sum of money originates. There are many ways for someone to launder money through a bank. Purchasing and selling securities, using the funds as collateral on the loans, and even writing off the money as business expenses are all common forms of money laundering. The term "money laundering" dates back to the days of Al Capone; Money laundering has since been used to describe any scheme by which the true origin of funds is hidden or concealed. While Money Laundering is not a form of bank fraud, the two crimes are often committed together. Criminals often commit fraud or other financial crimes and then will launder the funds in order to disassociate the proceeds from the criminal activity through which they were gained. Thus, fraud is considered by the FBI as a "predecessor" or "collateral" crime to Money Laundering.
19
The Issue
What happened?
Banks have encountered the maximum number of fraud incidents in retail banking followed by corporate banking. A majority of the respondents who are actively involved in priority sector have also encountered significant number of fraud incidents in this area. Fraudulent documentation and overvaluation/non-existence of collateral are the types of fraud incidents which appear to rank high to very high for all the areas of banking operations, i.e. retail, corporate and priority sector. Frauds in private banking are attributed primarily to identity theft and misuse of power of attorney/account takeover. However, interestingly incidents involving misselling have not been identified by banks as a major contributor of frauds in private banking. Treasury and administration/procurement operations appear to have encountered least number of fraud incidents according to the respondents.
20
21
Future Trends
What is in store?
With the current economic scenario, an over whelming 83% of the respondents have indicated that the fraud incidents will increase with 64% of them indicating that the increase will be between 6-25% Of the respondents who indicated that frauds will rise in the coming years, an overwhelming 96% of respondents indicated that retail banking will continue to be the most vulnerable to fraud. The surprising revelation is that respondents feel that in the coming years priority sector will contribute to increased fraud incidents with a small decrease in the corporate banking as compared to the current scenario. Surprisingly, a few respondents indicated administration/procurement as the new areas vulnerable to fraud, which is not reflected in the current environment.
22
Cost of compliance
An overwhelming 83% of the respondents indicated that the cost of anti-fraud measures will increase over the next two years with "implementing a fraud detection/analytic s solution", "periodic fraud assessment", "providing fraud awareness training" and " setting up a dedicated fraud investigative cell" appearing to be the top contributors for this increase in cost.
23
Respondent banks
Column1
Co-operative Bank 3%
24
The issue
Since the developments in the 1990s, the entire banking products structure has undergone a major change. With de-regulation, increased competition and IT revolution making it possible to provide ease and flexibility in operations to customers, banks are also evolving and trying to become one-stop financial supermarkets. However, the entire range of banking operations can be segmented into four broad heads - retail, wholesale or corporate banking businesses, treasury operations and other banking activities including advisory services termed as private banking to "high relationship value" clients. Fraud follows opportunity and attacks weakness in the system. It is important to know the areas which are vulnerable to fraud before organizations can start working towards controlling them. With banks operating in various areas, we specifically asked the respondents on the areas where they have encountered fraud and the root cause analysis of the incidents.
25
Chart Title
77 57 33 10 13 3 3
26
27
Retail Banking
With retail banking appearing to be the most vulnerable to fraud, it is interesting to see that the respondents have indicated high to very high incidents of frauds encountered by them involving multiple funding, overvaluation/non-existence of collateral, besides fraudulent documentation. Frauds due to incorrect sanctioning processes and external vendor fraud are also some of the fraud prone areas. An intriguing revelation of this survey is that even though many of the banks outsource the verification and valuation process to third party vendors, the percentage of respondents identifying external vendor induced fraud appears to be relatively low. Fraud incidents in retail banking:
Chart Title
Very low Low Medium High Very High
Overvaluation/non - existence of collateral Fraudulent Documentation Multiple Funding Identity Theft External vendor induced fraud Incorrect sacntioning
29 7 7 13 7 46 31 55
7 29 20
14 14 13 15
21 43 47 15 8 9 90 8
29
15 23 27
31
28
29
Chart Title
Very Low Low Medium High 57 27 33 38 56 71 50 0 100 20 0 18 22 13 25 11 11 Very High 0 18 9 22 0 13 11 43 27 22 13 11 Overvaluation/non - existence of collateral Fraudulent Documentation Multiple Funding Indetity Theft External vendor induced fraud Incorrect saanctioning Siphoning of funds/collateral Others - Interface with Government Systems
14 0 14 30 0
30
Others
Ten percent of respondents have indicated that they have encountered fraud in private banking and 3% in treasury operations and administration/procurement functions. Amongst various areas, in private banking respondents identified fraudulent documentation followed by identity theft as being the highest number of fraud incidents. It is very surprising to note that miss-selling is considered as a low risk, especially in view of the recent incidents highlighted in the media.
31
another 37% through a whistle-blower mechanism. With the advent of technology, banks are at the forefront of leveraging technology to fight frauds. Forty percent of respondents were identifying frauds us ing a fraud analytics solution. This is an encouraging s ign as a proactive fraud detection solution will not only enable banks to identify frauds before they occur, but can also be leveraged to improve their internal control mechanism Even though 37% of the respondents indicated that they detected frauds through a whistleblower mechanism, the number of frauds discovered by anonymous complaints is more at 43%. This could possibly be due to the fact that either the whistle-blower mechanism is probably not implemented fully or the complainants are not comfortable using the whistleblowing hotline. However, the disturbing part is that 20% of the cases were detected by accident and another 43% were by anonymous complaints by third parties, indicating that despite various anti-fraud measures adopted by banks, a significant number of frauds were detected by means other than the organizations fraud control.
33
detect frauds, as mentioned in the previous section, the average time to uncover frauds should reduce in future
34
35
delegated to a person at the senior level who can interact with various departments of the banks like internal audit, vigilance and risk management. The responsibility of fraud risk management is with the chief vigilance officer according to 37% of the respondents. However, only 13% of the respondents indicated that there is a separate chief fraud risk officer who is responsible for only fraud risk management with another 17% of the respondents indicating that the responsibility for this activity rests with the chief compliance officer or chief risk officer (who is also responsible for financial risk management).
36
Despite the fact that more than half the respondents having implemented a fraud control organization structure, number of frauds are raising which brings into question the effectiveness of the fraud risk management framework at the banks. The reason for complete implementation of all these framework controls could possibly be because of the fact that many banks are in the early stages of implementation of the framework and these are work in progress. With the advent of new products and technologies, fraudsters will keep finding new ways to exploit the system. To have robust and effective fraud control mechanism in place it is imperative for the banks to keep reviewing their operations and gather market intelligence on the new fraud scenarios to understand their Operations vulnerability to fraud. However, it should be noted that market intelligence plays a key role in understanding new fraud schemes in the market and banks may need to employ mystery shopping exercise to understand the weakness in their system. So for a meaningful fraud risk assessment, banks should look at increasing their market intelligence capabilities or seek external help. A quick analysis of the results indicate that banks need to immediately focus and speed up their efforts in the following areas to foster better fraud risk management.
Intelligence gathering mechanism. Dedicated forensic tools for investigation. Fraud risk assessment. Due diligence of vendor/third party.
37
Banks have been traditionally early adopters of technology resulting in a number of legacy applications catering to various aspects of their operations. These systems often result in islands or pockets of information with limited data. With modern data analytics solution requiring varied types of data, banks are realizing that they may not have been capturing the requisite information in their existing system, resulting in lack of sufficient data for analytics. Also integrating these varied data sources which may exist in different platforms with varied formats is often cumbersome.
38
39
BIBLIOGRAPHY
www.wikipedia.com
40
41