Post on 14-Dec-2015
Jonathan Marsh
Partner
Berwin Leighton Paisner
Adelaide House
London Bridge
London EC4R 9HA
Tel: 020 7760 1000
Fax: 020 7760 1111
Fraud Risk Management: The FSA’s Expectations
Overview
Where is the FSA coming from?
What are the FSA’s expectations?
Dealing with the aftermath
The FSA’s regulatory objectives – s.2 FSMA
Market confidence
Public awareness
Consumer protection
Reduction of financial crime
The reduction of financial crime objective – s.6 FSMA
Reducing the extent to which regulated persons and businesses in breach of the general prohibition can be used for a purpose connected with financial crime
Financial crime is any offence involving:
– Fraud or dishonesty
– Market abuse
– Money laundering
The reduction of financial crime objective – s.6 FSMA
The FSA must, in particular, have regard to the desirability of regulated persons:
Being aware of the risk of their businesses being used in connection with the commission of financial crime
Taking appropriate measures (in relation to their administration and employment practices, the conduct of transactions by them and otherwise) to prevent financial crime, facilitate its detection and monitor its incidence
Devoting adequate resources to prevention, detection and monitoring
An increased focus
October 2004: Philip Robinson speech – the FSA’s new approach to fraud – fighting fraud in partnership
February 2006: Firm’s High Level Management of Fraud Risk
March 2006: Capita Financial Administrators Limited
Fighting fraud in partnership: key messages
strong anti-fraud culture led from the top
clear allocation of responsibility for fraud risk management
staff training
KYC procedures
capture and use of management information on fraud
The FSA will pay “more attention to firm’s arrangements for managing their fraud risks”
Firm’s High Level Management of Fraud Risk – Roles, Responsibilities and Resources
High level sponsorship of fraud management at executive level
Boards/board committees receive fraud reports but not expected to have direct involvement in formulation and monitoring of anti-fraud initiatives
Development and monitoring of fraud strategies typically the responsibility of high-level management committees e.g. risk committee or fraud “steering groups”
Approval of anti-fraud strategies and plans was sometimes informal and director level accountability for delivery of strategies and plans was unclear
Firm’s High Level Management of Fraud Risk – Roles, Responsibilities and Resources
High risk organisations (e.g. retail banks, insurers) – generally well defined anti-fraud roles and responsibilities
Lower risk organisations (e.g. investment banks, asset managers) – reliance on control procedures not specifically labelled as anti-fraud measures
The FSA’s view: without formal, integrated anti-fraud responsibilities and structures, anti-fraud initiatives may be difficult to sustain on an ongoing basis
Favourable comment on a “hub and spoke” model with a central team coordinating anti-fraud activity and dissemination of best practice
Firm’s High Level Management of Fraud Risk – Fraud Data and Reporting
Accurate and detailed fraud data and analysis necessary to assess where and why there is a fraud risk
Systems and controls should be capable of detecting fraud risk at an early stage
Role of trade associations in collecting and sharing fraud related data
Firm’s High Level Management of Fraud Risk – Risk Assessment and Risk Appetite
Generally fraud risk was reported and reviewed within operational risk management reporting channels
Lack of formal fraud risk assessment processes beyond those required for operational risk purposes
Firms need to assess the fraud risk that they are exposed to (e.g. mispricing in the derivatives sector) and ensure that appropriate controls are in place to mitigate this risk
Allocation of anti-fraud resources was generally not driven by a clear cost benefit or risk appetite analysis
Firm’s High Level Management of Fraud Risk – Business Engagement, Systems and Controls
Investment in systems and controls and a focus on robust anti-fraud operational processes is key to risk mitigation
Fraud threats are dynamic and the ability to meet emerging fraud threats depends on good analytics in a firm’s anti-fraud operations
Focused management of internal (staff) fraud risk
– Enhanced vetting
– High profile arrests
– Communication and awareness
Focused management of fraud risk in product design – fraud risk identification should take place at an early stage
Firm’s High Level Management of Fraud Risk – Recruitment
Insider fraud (coercion, collusion, infiltration or employee’s own initiatives) considered to be one of the most serious fraud threats faced by financial institutions
Enhanced vetting procedures e.g. use of specialist agencies to conduct pre-employment screening with varying levels of screening depending on seniority
Vetting key suppliers and insisting on agreed standards of employee screening which will be checked by random, unannounced visits
Insider profiling – working with the police to compare new recruits against insider profiles
Firm’s High Level Management of Fraud Risk – Anti-Fraud Training
Generally fraud awareness training given to new staff as part of induction
Newsletters or staff alerts
Computer-based training packages
Training predicated on “red flag” recognition
Good practice guidelines supported by tailored training on a divisional basis
Varying approaches to staff training
Firm’s High Level Management of Fraud Risk – Resources for Tackling Fraud
Increase in the size of dedicated anti-fraud teams and staff
Increase in awareness of financial crime and fraud risk
High hurdle rates applied to proposals for anti-fraud investment and financial considerations outweighed qualitative concerns such as reputational risk
Firm’s High Level Management of Fraud Risk – Fraud Investigations
In larger firms responsibility for significant or complex fraud investigations was delegated to specialist departments
At other firms responsibility given to corporate security or audit
Varying degrees of sophistication e.g. some fraud investigation units able to conduct investigations to criminal investigation standards (including computer forensics)
Increased threat of e-fraud makes investigation more difficult
Use of “post-mortems” to improve risk mitigation
Firm’s High Level Management of Fraud Risk – External Liaison and Communication
Increased industry cooperation and strong support within firms for this but more needs to be done to share data and information on the perpetrators of fraud
Firm’s High Level Management of Fraud Risk – Educating Consumers
Tension between implementation of anti-fraud measures and customer convenience
The degree to which customer experience is expected to be negatively affected by an anti-fraud initiative was found to be a key factor in determining whether to proceed with the initiative
FSA Enforcement Action: Capita Financial Administrators Limited
£300,000 fine for breaches of:
Principle 2: failing to act with due skill, care and diligence in considering the risks posed by financial crime
Principle 3: failing to take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems
SYSC 3.2.6R: failing to take reasonable care to maintain effective systems and controls to counter the risk that the firm might be used to further financial crime.
FSA Enforcement Action: Capita Financial Administrators Limited
Inadequate assessment of fraud risk, especially the risk of internal fraud
Should have assessed the adequacy of existing controls and considered additional controls to mitigate any risks identified
Inadequate response to discovery of fraud: although an investigation committee was set up, it focused on the specific circumstances of the fraud rather than a wider review of fraud risks
Dealing with the aftermath
Alert senior management / the board
Investigation of (a) specific circumstances and (b) wider fraud risks
– Appoint appropriate individuals to investigation team
– Consider whether use of external consultant is appropriate
– Establish timetable and objectives
Consider key legal issues
– Asset recovery
– Accessing personal data
– Suspension / dismissal
– Whether or not to provide documents to FSA voluntarily
– Privilege
– Money laundering reporting obligation
Corrective action / remedial plan
Insurance issues
Notifying FSA
Conclusions
Recognise importance of fraud risk management to the FSA and react accordingly
Senior management needs to be engaged
Formal fraud risk assessment process and appropriate controls to deal with identified risks
Clearly defined allocation of responsibilities for fraud risk management
Adequate resources
Adequate investment in systems and controls which are capable of early detection
Capture and use management information on fraud
Ensure threat of both internal and external fraud is assessed and dealt with
Anti-fraud training
Development of fraud investigation plan