Project On

BANKING FRAUD

UNITEDWORLD SCHOOL OF BUSINESS PGPM COURSE 2011- 2013. Under the Guidance of Prof. R. Krishnan.

Submitted By Mufadal Mahimwala

Students Declaration
I hereby declare that this report, submitted in partial fulfillment of the requirement for the award of the Post Graduate Program in Management, to Unitedworld School of Business is my original work and used anywhere for award of any degree or diploma.

Place: Mumbai Date: -------------------Signature Name: Mufadal Mahimwala Class: PGPM VI Term Enrollment No.:

Certificate
This is to certify that the dissertation submitted in partial fulfillment for the award of PGPM of Unitedworld School of Business is a result of the bonafide research work carried out by Mr. Mufadal Mahimwala E Roll No. 020301013 under my supervision and guidance. No part of this report has been submitted for award of any other degree or diploma.

Date: Place: Mumbai Faculty Guide: Prof. R. Krishnan Signature: Unitedworld School of Business.

Table of Content.
Sr.No. 1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 167. 17. Topic EXECUTIVE SUMMARY INTRODUCTION TYPES OF BANKING FRAUD INSIDER FRAUD FRAUD PERPETRATED BY OUTSIDE PARTIES ISSUE FUTURE TREND ABOUT THE SURVEY RETAIL BANKING PROIRITY SECTOR BANKING OTHERS WHO COMMITED THE FRAUD HOW WAS IT DISCOVERED HOW LONG DID IT TAKE TO UNCOVER FRAUDS WHAT WAS THE RESPONSE TO FRAUD? HOW ARE BANKS GEARED TO FIGHT THIS MENACE? PROTECTING YOURSELF FROM BANK FRAUD BIBLIOGRAPHY Pg. No. 5 6 7 7 18 20 22 24 28 29 31 32 32 33 34 35 39 41

EXECUTIVE SUMMARY
The Indian banking and financial services sector has witnessed exponential growth in the last decade. This growth has not been without its pitfalls as incidents of fraud in the industry have also been on the rise. The survey shows that banks have witnessed a rise in the number of fraud incidents in the last one year, and the trend is likely to continue in the near future. The survey points to the increased difficult scenario for banks with increased fraud incidents and low recoveries, thereby directly affecting their bottom- line. With increased regulatory scrutiny, banks are under increased pressure to implement best practices and fraud risk management framework. However, as indicated from the survey, this still appears to be work in progress in many of the organizations Risks are inherent in the banking business. In todays economic climate, the adage prevention is better than cure has never been more accurate. No organization can be completely immune to fraudulent activity but steps can be taken to reduce the exposure to financial loss and reputational damage, which are common consequences of fraud survey for the banking industry was aimed at gaining an insight into the fraud scenario in the industry, the areas that incur the maximum number of fraud incidents and the measures organizations are taking to fight the menace survey focuses on the key challenges facing the banking industry in fighting fraud. The objective of the survey is to gain an insight into the current scenario on frauds in the industry, the areas that are prone to fraud, and the way organizations are fighting this menace and preparing for the future This survey has been developed based on the survey questionnaire responses received from banks in India including public sector banks, private sector banks, c o-operative banks and multi-national (MNC) banks. We have consciously attempted to include a variety of banks with different sizes and type of operations to obtain a comprehensive picture of the fraud environment in the country. The survey covers the following key topics 1. What is happening Current perception of fraud in the country/industry Fraud incidents encountered by the banks Average loss and ability to recover

2. What is the Issue Fraud prone areas Root cause analysis Detection mechanism 3. How are banks geared to fight the menace Anti-Fraud framework Role of technology

INTRODUCTION
Bank fraud is the use of fraudulent means to obtain money, assets, or other property owned or held by a financial institution, or to obtain money from depositors by fraudulently representing to be a bank or financial institution. In many instances, bank fraud is a criminal offense. While the specific elements of a particular banking fraud law vary between jurisdictions, the term bank fraud applies to actions that employ a scheme or artifice, as opposed to bank robbery or theft. For this reason, bank fraud is sometimes considered a white-collar crime. Bank fraud is a crime that has been around as long as banks themselves. Anytime there is a large amount of money floating around, there are going to be people trying to figure out ways to get to it. In the United States, and most other developed countries, bank fraud is a serious problem that causes billions of dollars in damages every year, and is considered a federal offense. In China bank fraud is even punishable by death. Bank fraud is defined as attempting to wrongfully take money or property from a federally insured financial institution. That doesnt mean the banks are the only victims though. Millions of people every year fall victim to monetary damages that are caused by bank fraud.

Types of Banking Fraud

There are two main categories when it comes to bank fraud, but there are countless ways that the crime can occur. Types of bank fraud can be categorized to inside and outside bank fraud.

Insider Bank Fraud

Insider bank fraud is perpetrated by someone who works inside, or has access to restricted areas or information inside of the financial institution. Insider bank fraud can be difficult for banks to defend against, since so many people are put in a position of responsibility with the banks money. Some of the more common forms of insider fraud are:

Identity Theft:
When a bank employee steals personal information from customers in order to sell the information or to make fraudulent purchases using a stolen identity.

Illegal Insider Trading:

This occurs when an insider has authority to make investments on behalf of the bank, and engages in high risk trades without the bank being aware of it. A series of illegal trades gone wrong can cause enough damage to put a bank out of business.

Stolen checks:

A scan of a counterfeit cashier's check that is made to appear to be issued by Wells Fargo Bank. Some fraudsters obtain access to facilities handling large numbers of checks, such as a mailroom or post office or the offices of a tax authority (receiving many checks) or a corporate payroll or a social or veterans' benefit office (issuing many checks). A few checks go missing; accounts are then opened under assumed names and the checks (often tampered or altered in some way) deposited so that the money can then be withdrawn by thieves. Stolen blank checkbooks are also of value to forgers who then sign as if they were the depositor.

Cheque kiting
Cheque kiting exploits a system in which, when a cheque is deposited to a bank account, the money is made available immediately even though it is not removed from the account on which the cheque is drawn until the cheque actually clears.

Accounting fraud
In order to hide serious financial problems, some businesses have been known to use fraudulent bookkeeping to overstate sales and income, inflate the worth of the company's assets or state a profit when the company is operating at a loss. These tampered records are then used to seek investment in the company's bond or security issues or to make fraudulent loan applications in a final attempt to obtain more money to delay the inevitable collapse of an unprofitable or mismanaged firm. Examples of accounting frauds: Enron and WorldCom. These two companies "cooked the books" in order to appear as they had profits each quarter when in fact they were deeply in debt.

Uninsured deposits
There are a number of cases each year where the bank itself turns out to be uninsured or not licensed to operate at all. The objective is usually to solicit for deposits to this uninsured "bank", although some may also sell stock representing ownership of the "bank". Sometimes the names appear very official or very similar to those of legitimate banks. For instance, the "Chase Trust Bank" of Washington D.C. appeared in 2002 with no license and no affiliation to its seemingly apparent namesake; the real Chase Manhattan Bank is based in New York. Accounting fraud has also been used to conceal other theft taking place within a company.

Demand draft fraud

Demand draft fraud is usually done by one or more dishonest bank employees. They remove few DD leaves or DD books from stock and write them like a regular DD. Since they are insiders, they know the coding, punching of a demand draft. These Demand drafts will be issued payable at distant town/city without debiting an account. Then it will be cashed at the payable branch. For the paying branch it is just another DD. This

kind of fraud will be discovered only when the head office does the branch-wise reconciliation, which normally will take 6 months. By that time the money is irrecoverable.

Rogue traders
A rogue trader is a highly placed insider nominally authorised to invest sizeable funds on behalf of the bank; this trader secretly makes progressively more aggressive and risky investments using the bank's money, when one investment goes bad, the rogue trader engages in further market speculation in the hope of a quick profit which would hide or cover the loss. Unfortunately, when one investment loss is piled onto another, the costs to the bank can reach into the hundreds of millions of dollars; there have even been cases in which a bank goes out of business due to market investment losses. Some of the largest bank frauds ever detected were perpetrated by currency traders John Rusnak, and Nick Leeson. Jrme Kerviel, allegedly defrauded Socit Gnrale of 4.9 billion euros ($7.1 billion) us dollars, while trading stock derivatives.

Fraudulent Loans:
Fraudulent loans can occur when a loan officer within a bank forges documents, creates false entities, or lies about the ability of the applicant to repay in order to borrow a sum of money from the bank that they never intend to repay. One way to remove money from a bank is to take out a loan, a practice bankers would be more than willing to encourage if they know that the money will be repaid in full with interest. A fraudulent loan, however, is one in which the borrower is a business entity controlled by a dishonest bank officer or an accomplice; the "borrower" then declares bankruptcy or vanishes and the money is gone. The borrower may even be a

10

non-existent entity and the loan merely an artifice to conceal a theft of a large sum of money from the bank.

Fraudulent loan applications

These take a number of forms varying from individuals using false information to hide a credit history filled with financial problems and unpaid loans to corporations using accounting fraud to overstate profits in order to make a risky loan appear to be a sound investment for the bank.

Forgery and altered cheques

Thieves have altered cheques to change the name (in order to deposit cheques intended for payment to someone else) or the amount on the face of cheques, simple altering can change $100.00 into $100,000.00, although transactions of this value are subject to investigation as a precaution to prevent fraud as policy. Instead of tampering with a real cheque, some fraudsters will attempt to forge a depositor's signature on a blank cheque or even print their own cheques drawn on accounts owned by others, non-existent accounts or even alleged accounts owned by non-existent depositors. The cheque will then be deposited to another bank and the money withdrawn before the cheque can be returned as invalid or for non-sufficient funds.

Fraudulent Institutions:
This is a form of fraud where an entire bank is fraudulently created. The bank is illegal, and uninsured. The scam revolves around people making uninsured deposits to the bank, only to have the bank, along with their money, eventually disappear.

Forged Documents:

11

A forged document claiming that a sum of money has been transferred to another account or something similar can be valuable to a con artist who doesnt want the bank to notice any missing money. Forged documents are often used to conceal other thefts; banks tend to count their money meticulously so every penny must be accounted for. A document claiming that a sum of money has been borrowed as a loan, withdrawn by an individual depositor or transferred or invested can therefore be valuable to a thief who wishes to conceal the minor detail that the bank's money has in fact been stolen and is now gone.

Wire Fraud:
Its common place for banks to wire large sums of money on a daily basis. An insider can fraudulently wire money to a personal account at an offshore bank. It may take a bank months or even longer to notice the missing funds. Whenever people are put in a position to handle large amounts of money, and the opportunity for fraud presents itself, it is always a serious threat. Banks and financial institutions are constantly updating security to prevent insider fraud. The documented cases of fraud have been on the decline over the last couple of decades. While computer tracking and improved security certainly deter fraudulent practices, the threat still exists, and insider fraud still occurs on a regular basis. Wire transfer networks such as the international SWIFT interbank fund transfer system are tempting as targets as a transfer, once made, is difficult or impossible to reverse. As these networks are used by banks to settle accounts with each other, rapid or overnight wire transfer of large amounts of money are commonplace; while banks have put checks and balances in place, there is the risk that insiders may attempt to use fraudulent or forged documents which claim to request a bank depositor's money be wired to another bank, often an offshore account in some distant foreign country. There is a very high risk of fraud when dealing with unknown or uninsured institutions.

12

The risk is greatest when dealing with offshore or Internet banks (as this allows selection of countries with lax banking regulations), but not by any means limited to these institutions. There is an annual list of unlicensed banks on the US Treasury Department site which currently is fifteen pages in length.

Bill discounting fraud

Essentially a confidence trick, a fraudster uses a company at their disposal to gain confidence with a bank, by appearing as a genuine, profitable customer. To give the illusion of being a desired customer, the company regularly and repeatedly uses the bank to get payment from one or more of its customers. These payments are always made, as the customers in question are part of the fraud, actively paying any and all bills raised by the bank. After time, after the bank is happy with the company, the company requests that the bank settles its balance with the company before billing the customer. Again, business continues as normal for the fraudulent company, its fraudulent customers, and the unwitting bank. Only when the outstanding balance between the bank and the company is sufficiently large, the company takes the payment from the bank, and the company and its customers disappear, leaving no-one to pay the bills issued by the bank.

Payment card fraud

Credit card fraud is widespread as a means of stealing from banks, merchants and clients.

Booster cheques
A booster cheque is a fraudulent or bad cheque used to make a payment to a credit card account in order to "bust out" or raise the amount of available credit on otherwiselegitimate credit cards. The amount of the cheque is credited to the card account by the bank as soon as the payment is made, even though the cheque has not yet cleared.

13

Before the bad cheque is discovered, the perpetrator goes on a spending spree or obtains cash advances until the newly-"raised" available limit on the card is reached. The original cheque then bounces, but by then it is already too late.

Stolen payment cards

Often, the first indication that a victim's wallet has been stolen is a phone call from a credit card issuer asking if the person has gone on a spending spree; the simplest form of this theft involves stealing the card itself and charging a number of high-ticket items to it in the first few minutes or hours before it is reported as stolen. A variant of this is to copy just the credit card numbers (instead of drawing attention by stealing the card itself) in order to use the numbers in online frauds.

Duplication or skimming of card information

This takes a number of forms, ranging from a dishonest merchant copying clients' credit card numbers for later misuse (or a thief using carbon copies from old mechanical card imprint machines to steal the info) to the use of tampered credit or debit card readers to copy the magnetic stripe from a payment card while a hidden camera captures the numbers on the face of the card. Some thieves have surreptitiously added equipment to publicly accessible automatic teller machines; a fraudulent card stripe reader would capture the contents of the magnetic stripe while a hidden camera would sneak a peek at the user's PIN. The fraudulent equipment would then be removed and the data used to produce duplicate cards that could then be used to make ATM withdrawals from the victims' accounts.

Empty ATM envelope deposits

A criminal overdraft can result due to the account holder making a worthless or misrepresented deposit at an automated teller machine in order to obtain more cash than

14

present in the account or to prevent a check from being returned due to non-sufficient funds. United States banking law makes the first $100 immediately available and it may be possible for much more uncollected funds to be lost by the bank the following business day before this type of fraud is discovered. The crime could also be perpetrated against another person's account in an "account takeover" or with a counterfeit ATM card, or an account opened in another person's name as part of an identity theft scam. The emergence of ATM deposit technology that scans currency and checks without using an envelope may prevent this type of fraud in the future.

Bank impersonation
Fraudsters may set up companies with names that sound similar to existing banks, or assume titles conferring notability to themselves for plausibility, then abscond with the deposited funds. Impersonation has become an increasing problem; the scam operates by obtaining information about an individual, then using the information to apply for identity cards, accounts and credit in that person's name. Often little more than name, parents' name, date and place of birth are sufficient to obtain a birth certificate; each document obtained then is used as identification in order to obtain more identity documents. Government-issued standard identification numbers such as "social security numbers" are also valuable to the fraudster. Information may be obtained from insiders (such as dishonest bank or government employees), by fraudulent offers for employment or investments (in which the victim is asked for a long list of personal information) or by sending forged bank or taxation correspondence. Some fictitious tax forms which purported to have been sent by banks to clients in 2002 were:

W-9095 Application Form for Certificate Status/Ownership for Withholding Tax

15

W-8BEN Certificate of Foreign Status of Beneficial Owner for United States Tax Withholding W-8888

The actual origin of these forms is neither the bank nor the taxman they're sent by would-be identity thieves and W-8888 doesn't exist, W-9095 is also fictitious (the real W-9 asks much less info) and W-8BEN is real but may have been tampered to add intrusive additional questions. The original forms on which these fakes were based are intended to collect information for income tax on income from deposits and investment. In some cases, a name/SIN pair is needed to impersonate a citizen while working as an illegal immigrant but often the identity thieves are using the bogus identity documents in the commission of other crimes or even to hide from prosecution for past crimes. The use of a stolen identity for other frauds such as gaining access to bank accounts, credit cards, loans and fraudulent social benefit or tax refund claims is not uncommon. Unsurprisingly, the perpertators of such fraud have been known to take out loans and disappear with the cash, quite content to see the wrong persons blamed when the debts go bad or the police come calling. Some corporations have engaged in over-expansion, using borrowed money to finance costly mergers and acquisitions and overstating assets, sales or income to appear solvent even after becoming seriously financially overextended.

Prime bank fraud

The "prime bank" operation which claims to offer an urgent, exclusive opportunity to cash in on the best-kept secret in the banking industry, guaranteed deposits in "prime banks", "constitutional banks", "bank notes and bank-issued debentures from top 500 world banks", "bank guarantees and standby letters of credit" which generate spectacular returns at no risk and are "endorsed by the World Bank" or various national

16

governments and central bankers. However, these official-sounding phrases and more are the hallmark of the so-called "prime bank" fraud; they may sound great on paper, but the guaranteed offshore investment with the vague claims of an easy 100% monthly return are all fictitious financial instruments intended to defraud individuals.

The fictitious 'bank inspector'

This is an old scam with a number of variants; the original scheme involved claiming to be a bank inspector, claiming that the bank suspects that one of its employees is stealing money and that to help catch the culprit the "bank inspector" needs the depositor to withdraw all of his or her money. At this point, the victim would be carrying a large amount of cash and can be targeted for the theft of these funds. Other variants included claiming to be a prospective business partner with "the opportunity of a lifetime" then asking for access to cash "to prove that you trust me" or even claiming to be a new immigrant who carries all their money in cash for fear that the banks will steal it from them if told by others that they keep their money in banks, they then ask the depositor to withdraw it to prove the bank hasn't stolen it. Impersonation of officials has more recently become a way of stealing personal information for use in theft of identity frauds.

17

Fraud Perpetrated By Outside Parties

Bank fraud is not limited to those working inside the institutions. Banks, and their customers, have been long time targets for con artists. Here are some of the more common ways that fraud can be accomplished by individuals without insider access to the banks.

Check Fraud:
There are a variety of ways to commit check fraud. The basic premise is that a check is forged, or deposited and then withdrawn before the check can be returned for nonsufficient funds.

Credit Card Fraud:

Credit card fraud is a very common crime. Credit cards can be stolen or created with a fake identity. Thousands of dollars can be fraudulently spent before the bank or the victim catches on.

Fraudulent Accounting:
Documents can be forged to inflate the perceived value of a company. This is used to attract large investments from the banks, when in reality the company may be worthless and never intends on giving the bank any return on their investment.

Stealing Identities:
Identity theft doesnt only happen due to banking insiders. Personal information may be stolen via fake documents, phishing for information on the internet, through computer systems, or through various other avenues. The information is then used to take out loans or apply for credit cards using the victims personal information.

18

Money Laundering:
Money laundering simply refers to hiding the source where a sum of money originates. There are many ways for someone to launder money through a bank. Purchasing and selling securities, using the funds as collateral on the loans, and even writing off the money as business expenses are all common forms of money laundering. The term "money laundering" dates back to the days of Al Capone; Money laundering has since been used to describe any scheme by which the true origin of funds is hidden or concealed. While Money Laundering is not a form of bank fraud, the two crimes are often committed together. Criminals often commit fraud or other financial crimes and then will launder the funds in order to disassociate the proceeds from the criminal activity through which they were gained. Thus, fraud is considered by the FBI as a "predecessor" or "collateral" crime to Money Laundering.

Phishing and Internet fraud

Phishing operates by sending forged e-mail, impersonating an online bank, auction or payment site; the e-mail directs the user to a forged web site which is designed to look like the login to the legitimate site but which claims that the user must update personal info. The information thus stolen is then used in other frauds, such as theft of identity or online auction fraud. A number of malicious "Trojan horse" programmes have also been used to snoop on Internet users while online, capturing keystrokes or confidential data in order to send it to outside sites.

19

The Issue
What happened?
Banks have encountered the maximum number of fraud incidents in retail banking followed by corporate banking. A majority of the respondents who are actively involved in priority sector have also encountered significant number of fraud incidents in this area. Fraudulent documentation and overvaluation/non-existence of collateral are the types of fraud incidents which appear to rank high to very high for all the areas of banking operations, i.e. retail, corporate and priority sector. Frauds in private banking are attributed primarily to identity theft and misuse of power of attorney/account takeover. However, interestingly incidents involving misselling have not been identified by banks as a major contributor of frauds in private banking. Treasury and administration/procurement operations appear to have encountered least number of fraud incidents according to the respondents.

Why did it happen?

About 73% of the respondents cited lack of oversight by line managers or senior managers on deviations from existing process/controls as one of the major reason followed by current business pressure to meet targets and difficult business scenario as other two major reasons for increasing fraud incidents. About 37% of the respondents indicated that there was collusion between the employees and external parties.

20

How was it discovered?

It appears that a majority of the incidents are still detected through a formal and informal complaint mechanism. A significant 43% of external third party and another 37% through a whistle-blower mechanism. More than half the respondents indicated that they have detected fraud through internal audit reviews. However the worrying sign is that 20% of the respondents indicated that they still detect fraud by accident. Technology appears to be gaining prominence in fraud detection Forty percent of the respondents indicated that they detected fraud using a fraud detection/analytics tool According to more than half of the respondents, the average time taken to discover a fraud incident is more than six months and 23% of them indicated it to be greater than a year

21

Future Trends
What is in store?
With the current economic scenario, an over whelming 83% of the respondents have indicated that the fraud incidents will increase with 64% of them indicating that the increase will be between 6-25% Of the respondents who indicated that frauds will rise in the coming years, an overwhelming 96% of respondents indicated that retail banking will continue to be the most vulnerable to fraud. The surprising revelation is that respondents feel that in the coming years priority sector will contribute to increased fraud incidents with a small decrease in the corporate banking as compared to the current scenario. Surprisingly, a few respondents indicated administration/procurement as the new areas vulnerable to fraud, which is not reflected in the current environment.

22

Cost of compliance
An overwhelming 83% of the respondents indicated that the cost of anti-fraud measures will increase over the next two years with "implementing a fraud detection/analytic s solution", "periodic fraud assessment", "providing fraud awareness training" and " setting up a dedicated fraud investigative cell" appearing to be the top contributors for this increase in cost.

23

About the survey

This report presents the views of key people responsible for fraud risk management in banks. Institutions who participated in the survey included private, public, multinational and co-operative banks in India. The asset base of the participants varied from less than Rs 500 crore to greater than Rs 5000 crore. The majority of respondents were primarily with asset base of more than Rs 5000 crore. The customer base of the institutions who participated in the survey included those who had less than 10 lacs to a sizeable proportion with more than 50 lacs number of customers

Respondent banks

Column1

Co-operative Bank 3%

Public Sector Banks 34%

Foreign Banks 40%

Private sector Banks 23%

24

The issue
Since the developments in the 1990s, the entire banking products structure has undergone a major change. With de-regulation, increased competition and IT revolution making it possible to provide ease and flexibility in operations to customers, banks are also evolving and trying to become one-stop financial supermarkets. However, the entire range of banking operations can be segmented into four broad heads - retail, wholesale or corporate banking businesses, treasury operations and other banking activities including advisory services termed as private banking to "high relationship value" clients. Fraud follows opportunity and attacks weakness in the system. It is important to know the areas which are vulnerable to fraud before organizations can start working towards controlling them. With banks operating in various areas, we specifically asked the respondents on the areas where they have encountered fraud and the root cause analysis of the incidents.

25

Where did it happen?

An overwhelming 77% of the respondents indicated that they have suffered from frauds in retail banking. The other major area appears to be corporate banking as indicated by 57% of the respondents. Even though, only 33% of the respondents have indicated that they have experienced frauds in priority sector lending, a deeper analysis of the results indicated that a significant number of banks active in this area have faced frauds which are not truly reflected in the overall percentages above. Treasury and administration/procurement appear to be the areas least prone to frauds as per the respondents of the survey.

Chart Title
77 57 33 10 13 3 3

26

How did it happen?

With banking operations spanning across multiple areas from retail to corporate, treasury and private banking, the types of fraud will vary considerably depending on the areas and processes applicable. Fraudulent documentation appears to rank as the most common fraud scheme across all the areas of banking operations except treasury operations where it may not be applicable. This brings into question, the processes followed by banks in verifying documents/information before entering into a relationship with their customers.

27

Retail Banking
With retail banking appearing to be the most vulnerable to fraud, it is interesting to see that the respondents have indicated high to very high incidents of frauds encountered by them involving multiple funding, overvaluation/non-existence of collateral, besides fraudulent documentation. Frauds due to incorrect sanctioning processes and external vendor fraud are also some of the fraud prone areas. An intriguing revelation of this survey is that even though many of the banks outsource the verification and valuation process to third party vendors, the percentage of respondents identifying external vendor induced fraud appears to be relatively low. Fraud incidents in retail banking:

Chart Title
Very low Low Medium High Very High

Overvaluation/non - existence of collateral Fraudulent Documentation Multiple Funding Identity Theft External vendor induced fraud Incorrect sacntioning

29 7 7 13 7 46 31 55

7 29 20

14 14 13 15

21 43 47 15 8 9 90 8

29

15 23 27

31

28

Priority sector Banking

The government of India identified certain sectors as priority sectors and banks were directed to set aside a definite portion of their credit facilities to these s ectors. RBI fixes the target for priority s ector credit by commercial banks. As per RBI rules, if there is any shortfall in priority sec tor lending from the above targets and sub targets, the concerned bank should depos it an amount equivalent to the shortfall in certain schemes. We wanted to understand from the banks their experience of priority s ector lending, as it has been identified as one whic h has encountered increas ed fraud incidents by thos e who are actively involved in this area Siphoning of funds and overvaluation/ nonexistenc e of collateral are some of the frauds where the most incidents have happened, apart from fraudulent doc umentation. High to very high incidents of frauds involving Identity theft is als o identified by 26% of respondents. Since many of the priority sector customers may face challenges in providing the requisite KYC doc uments, this loophole may be exploited by fraudsters to steal the identity of gullible people and defraud banks. This brings us to the question of customer due diligence process adopted by the banks for this s egment. Since standard identity doc uments some time to come. Hopefully, the Aadhar program should provide s ome relief to banks in the future to like PAN cards, etc., may not be available with thes e customers, this problem may continue to persist for some time to come. Hopefully, the Aadhar program should provide s ome relief to banks in the future to contain this risk.

29

Fraud incident in Priority Sector

Chart Title
Very Low Low Medium High 57 27 33 38 56 71 50 0 100 20 0 18 22 13 25 11 11 Very High 0 18 9 22 0 13 11 43 27 22 13 11 Overvaluation/non - existence of collateral Fraudulent Documentation Multiple Funding Indetity Theft External vendor induced fraud Incorrect saanctioning Siphoning of funds/collateral Others - Interface with Government Systems

14 0 14 30 0

30

Others
Ten percent of respondents have indicated that they have encountered fraud in private banking and 3% in treasury operations and administration/procurement functions. Amongst various areas, in private banking respondents identified fraudulent documentation followed by identity theft as being the highest number of fraud incidents. It is very surprising to note that miss-selling is considered as a low risk, especially in view of the recent incidents highlighted in the media.

31

Who committed the fraud?

Fraud occurs because there is a motivation and opportunity to commit fraud. Almost 37% of the respondents indicated involvement of employees with 64% of these c ases involving only one employee in addition to external parties. Although banks have not encountered high levels of collusion, it begets the question: why is there increase in fraud incidents then? Is it because fraudsters are aware of the lacuna in the banks internal control systems? Is it because of negligence on the part of employees? Subject resulting out of negligence has to be borne by the bank. As the bank employees are at the forefront of fighting fraud, it is important for the organization to make them aware of their obligations through training. Employees should be provided periodic training for their specific areas of operations, which also includes various applicable fraud scenarios, so that they can pre-empt fraud incidents. Another important fraud risk management principle is to provide a clear and consistent message through a credible disciplinary system. A well designed disciplinary process providing guidelines on sanctions based on the nature of the offence and its uniform and consistent application will go a long way in sending the right signal to both internal and external parties and help prevent/reduce negligence acts.

How was it discovered?

A well designed fraud control mechanism should enable organizations to identify frauds proactively. According to 53% of the respondents, frauds were detected through internal audit reviews and significant majority of the incidents were still detected through a formal or informal complaint mechanism. The complaint mechanism consisted of 43% respondents detecting frauds through anonymous complaints by external third party and
32

another 37% through a whistle-blower mechanism. With the advent of technology, banks are at the forefront of leveraging technology to fight frauds. Forty percent of respondents were identifying frauds us ing a fraud analytics solution. This is an encouraging s ign as a proactive fraud detection solution will not only enable banks to identify frauds before they occur, but can also be leveraged to improve their internal control mechanism Even though 37% of the respondents indicated that they detected frauds through a whistleblower mechanism, the number of frauds discovered by anonymous complaints is more at 43%. This could possibly be due to the fact that either the whistle-blower mechanism is probably not implemented fully or the complainants are not comfortable using the whistleblowing hotline. However, the disturbing part is that 20% of the cases were detected by accident and another 43% were by anonymous complaints by third parties, indicating that despite various anti-fraud measures adopted by banks, a significant number of frauds were detected by means other than the organizations fraud control.

How long did it take to uncover fraud?

With a significant 63% of the respondents indicating that they identified frauds through anonymous complaints or by accident, and another 53% were detected by internal audit reviews, it did not come as a surprise that the average time taken to uncover fraud is more than six months in more than 53% of cases. A timely detection of fraud incidents will go a long way in containing the losses and improving the chances of recovery. It is now time for banks to ensure that their current fraud risk management strategies are revised to ensure that they are in line with the current fraud trends and adequate to take care of future growth besides increasing ways of detecting frauds proactively. Hopefully, with the increase in us age of technology to

33

detect frauds, as mentioned in the previous section, the average time to uncover frauds should reduce in future

What was the response to fraud?

According to the survey, 77% of the respondents indicated that they responded to fraud by conducting an internal investigation and 63% reported it to the law enforcement agencies. The respondents also indicated that they allowed the individuals to resign in 10% of the cases, and in 20% of the cases they entered into negotiated settlement. An important fraud risk management principle is the tone from the top. A tone that indicates zero tolerance for fraud goes a long way in propagating a disciplinary culture within banks. Any response to fraud should be swift and effective. The RBI circular of September 2009 required banks to investigate large value frauds with the help of skilled manpower for internal punitive action against the staff and external legal prosecution of the fraudsters and their abettors. Fraud investigation requires specific skill sets like forensic accounting and technology to collect evidence, which may not be available internally. However, with only 3% of the respondents going in for an external investigation and lack of forensic technology tools as indicated in Section 6.2, there could be a possibility of evidence getting lost during this period.

34

How are banks geared to fight this menace?

Who is responsible for fraud risk management?
Fraud can have a devastating impact on organizations in other ways as well. In addition to potential revenue leakage, fraud can have a negative impact on a companys reputation, employee morale, and investor confidence. The key objectives of an effective, business-driven fraud risk management approach should encompass controls that help prevent occurrence of fraud, detect fraud as and when it occurs, and provide for an effective response mechanism to limit the consequences of fraud. The challenge for banks is to develop a comprehensive FRM framework which includes identifying, asses sing and categorizing risks faced by the organization proactively and developing appropriate mechanism for preventing, detecting and responding to fraud. A significant 80% of the respondents indicated that they have already implemented a formal risk management framework at the bank. Fraud risk management has become a board level issue, with an overwhelming 93% of the respondents indicating that these issues are discussed at the board level with senior management at least every quarter. A significant 23% of these respondents said that these issues were discussed at the board level every month. A small 7% of the respondents have still not implemented a FRM framework, which is surprising considering the increased incidents of fraud and the scrutiny by the regulators. As per RBIs September 2009 circular, the fraud risk management and fraud investigation function must be owned by the bank's CEO, its Audit Committee of the Board and the Special Committee of the Board; and they should set up a dedicated outfit to manage this function. To help ensure that fraud controls remain effective, responsibility for the organizations fraud risk management should be

35

delegated to a person at the senior level who can interact with various departments of the banks like internal audit, vigilance and risk management. The responsibility of fraud risk management is with the chief vigilance officer according to 37% of the respondents. However, only 13% of the respondents indicated that there is a separate chief fraud risk officer who is responsible for only fraud risk management with another 17% of the respondents indicating that the responsibility for this activity rests with the chief compliance officer or chief risk officer (who is also responsible for financial risk management).

What is the current status of anti-fraud programs?

A significant number of respondents had indicated that they have implemented a formal fraud risk management framework as mentioned in the earlier section. However, when we asked the implementation status of various components of the framework, it revealed a startling picture. A small 20% of the respondents have dedicated forensic technology tools for investigation Similarly, only 28% appear to have implemented intelligence gathering mechanism Only 60% of the respondents have a Fraud control organization structure with clearly defined reporting structure and 67% have a fraud control strategy in place

36

Despite the fact that more than half the respondents having implemented a fraud control organization structure, number of frauds are raising which brings into question the effectiveness of the fraud risk management framework at the banks. The reason for complete implementation of all these framework controls could possibly be because of the fact that many banks are in the early stages of implementation of the framework and these are work in progress. With the advent of new products and technologies, fraudsters will keep finding new ways to exploit the system. To have robust and effective fraud control mechanism in place it is imperative for the banks to keep reviewing their operations and gather market intelligence on the new fraud scenarios to understand their Operations vulnerability to fraud. However, it should be noted that market intelligence plays a key role in understanding new fraud schemes in the market and banks may need to employ mystery shopping exercise to understand the weakness in their system. So for a meaningful fraud risk assessment, banks should look at increasing their market intelligence capabilities or seek external help. A quick analysis of the results indicate that banks need to immediately focus and speed up their efforts in the following areas to foster better fraud risk management.

Intelligence gathering mechanism. Dedicated forensic tools for investigation. Fraud risk assessment. Due diligence of vendor/third party.

37

Proactive or reactive - What is the role of technology?

Technology has created new avenues for banks to prevent or detect fraud as many of the indicators of fraud are hidden within the bank's operational data. A clever data analytics tool can mine through this data and identify hidden relations hips and red flags. This will enable banks to proactively identify potential fraudulent transactions before they manifest thems elves months or years down the line. Half the respondents indicated that they are using fraud analytics solutions to identify potential fraudulent transactions and another 23% are planning to implement it. It is interesting to note that 73% of the respondents who have implemented a solution appear to be completely satisfied with it. Of the 27% percent who have not implemented technology solution, the prominent reason appear to be data related issues like data integration or data sufficiency issues The other reasons are: Solution being expensive 13% Ineffective solution 25%

Banks have been traditionally early adopters of technology resulting in a number of legacy applications catering to various aspects of their operations. These systems often result in islands or pockets of information with limited data. With modern data analytics solution requiring varied types of data, banks are realizing that they may not have been capturing the requisite information in their existing system, resulting in lack of sufficient data for analytics. Also integrating these varied data sources which may exist in different platforms with varied formats is often cumbersome.

38

Protecting Yourself from Bank Fraud

While the term bank fraud refers to criminals stealing money from financial institutions, that doesnt mean there arent individual victims as well. For most people, the biggest threat is having their identity stolen. Once a thief gets a hold of your personal information, they may take out loans or make credit card purchases in your name. In many cases by the time anyone catches the fraud, the thief has already made off with thousands of dollars. This results in a loss of finances as well as damaged credit that may take years to repair for the victim. The best way to attain optimum ID theft protection is to closely monitor your credit reports and bank statements. If you see anything suspicious, or lose any personal information, report it to your bank at once. The Indian banking and financial services sector has witnessed exponential growth in the last decade. This growth has not been without its pitfalls as incidents of fraud in the industry have also been on the rise. Risks are inherent in the banking business. In todays economic climate, the adage prevention is better than cure has never been more accurate. No organization can be completely immune to fraudulent activity but steps can be taken to reduce the exposure to financial loss and reputational damage, which are common consequences of fraud. Deloittes fraud survey for the banking industry was aimed at gaining an insight into the fraud scenario in the industry, the areas that incur the maximum number of fraud incidents and the measures organizations are taking to fight the menace Over the last few years, India has been one of the worlds fastest growing economies with banking and financial service companies experiencing significant growth both in size and profitability. In the last decade, the Indian banking sector grew at an average of 18 percent compared to over 7 percent GDP growth. So frauds in the financial services industry pose a significant risk to institutions, as well as to the integrity of capital markets. Its effect can be widespread, causing long term financial and reputational damage.

39

BIBLIOGRAPHY
www.wikipedia.com

40

Indian Banking Fraud Surey by Deloitte.

41