Discussion Paper Fraud Detection Using Data Analytics In .

3y ago
59 Views
2 Downloads
387.65 KB
9 Pages
Last View : 14d ago
Last Download : 4m ago
Upload by : Warren Adams
Transcription

Discussion PaperFraud Detection Using Data Analyticsin the Banking Industry

Table of ContentsWhat is Fraud?. 1Who is Responsible for Fraud Detection? . 1Why Use Data Analysis for Fraud Detection?. 2Analytical Techniques for Fraud Detection . 3Fraud Detection Program Strategies . 4Banking . 5Other Resources . 7

Fraud Detection Using Data Analytics in the Banking Industry1What is Fraud?Fraud encompasses a wide range of illicit practices and illegal acts involvingintentional deception or misrepresentation. The Institute of Internal Auditors’International Professional Practices Framework (IPPF) defines fraud as:" any illegal act characterized by deceit, concealment, or violation of trust. Theseacts are not dependent upon the threat of violence or physical force. Frauds areperpetrated by parties and organizations to obtain money, property, or services; toavoid payment or loss of services; or to secure personal or business advantage."Fraud impacts organizations in several areas including financial, operational, andpsychological. While the monetary loss owing to fraud is significant, the full impactof fraud on an organization can be staggering. The losses to reputation, goodwill,and customer relations can be devastating. As fraud can be perpetrated by anyemployee within an organization or by those from the outside, it is important tohave an effective fraud management program in place to safeguard yourorganization’s assets and reputation.The International Professional Practices Framework(IPPF) contains the following Standards on fraud andinternal audit’s role:1200 – Proficiency and Due Professional Care1210-A2 – Internal auditors must have sufficientknowledge to evaluate the risk of fraud and the mannerin which it is managed by the organization, but are notexpected to have the expertise of a person whoseprimary responsibility is detecting and investigatingfraud.1220 – Due Professional Care1220.A1 – Internal auditors must exercise dueprofessional care by considering the following: Extent of work needed to achieve the engagement’sobjectives; Related complexity, materiality, or significance ofmatters to which assurance procedures are applied; Adequacy and effectiveness of governance, riskmanagement, and control processes;Who is Responsible for Fraud Detection? Probability of significant errors, fraud, ornoncompliance; andWhile senior management and the board are ultimately responsible for a fraudmanagement program, internal audit can be a key player in helping address fraud.By providing an evaluation on the potential for the occurrence of fraud, internalaudit can show an organization how it is prepared for and is managing these fraudrisks. Cost of assurance in relation to potential benefits.In today’s automated world, many business processes depend on the use oftechnology. This allows for people committing fraud to exploit weaknesses insecurity, controls or oversight in business applications to perpetrate their crimes.However, the good news is that technology can also be a means of combatingfraud. Internal audit needs to view technology as a necessary part of their toolkitthat can help prevent and detect fraud. Leveraging technology to implementcontinuous fraud prevention programs helps safeguard organizations from the riskof fraud and reduce the time it takes to uncover fraudulent activity. This helps bothcatch it faster and reduce the impact it can have on organizations.2060 – Reporting to Senior Management and theBoardThe chief audit executive must report periodically tosenior management and the board on the internal auditactivity’s purpose, authority, responsibility, andperformance relative to its plan. Reporting must alsoinclude significant risk exposures and control issues,including fraud risks, governance issues, and othermatters needed or requested by senior managementand the board.2120 – Risk Management2120.A2 – The internal audit activity must evaluate thepotential for the occurrence of fraud and how theorganization manages fraud risks.2210 – Engagement Objectives2210.A2 – Internal auditors must consider theprobability of significant errors, fraud, noncompliance,and other exposures when developing the engagementobjectives.

Fraud Detection Using Data Analytics in the Banking Industry2Why Use Data Analysis for Fraud Detection?Data analysis technology enables auditors and fraud examiners to analyze anorganization’s business data to gain insight into how well internal controls areoperating and to identify transactions that indicate fraudulent activity or theheightened risk of fraud. Data analysis can be applied to just about anywhere inan organization where electronic transactions are recorded and stored.Data analysis also provides an effective way to be more proactive in the fightagainst fraud. Whistleblower hotlines provide the means for people to reportsuspected fraudulent behavior but hotlines alone are not enough. Why be onlyreactive and wait for a whistleblower to finally come forward? Why not seek outindicators of fraud in the data? That way, organizations can detect indicators offraudulent activity much sooner and stop it before it becomes material and createsfinancial damage.The Association of CertifiedFraud Examiners’ 2010 GlobalFraud Study found that thebanking and financial servicesindustry had the most casesacross all industries –accounting for more than 16%of frauds.www.acfe.orgTo effectively test for fraud, all relevant transactions must be tested across all applicable business systems and applications.Analyzing business transactions at the source level helps auditors provide better insight and a more complete view as to thelikelihood of fraud occurring. It helps focus investigative action to those transactions that are suspicious or illustrate controlweaknesses that could be exploited by fraudsters. Follow-on tests should be performed to further that auditor’s understanding ofthe data and to search for symptoms of fraud in the data. 1There is a spectrum of analysis that can be deployed to detect fraud. It ranges from point-in-time analysis conducted in an adhoc context for one-off fraud investigation or exploration, through to repetitive analysis of business processes where fraudulentactivity is likely to more likely to occur. Ultimately, where the risk of fraud is high and the likelihood is as well, organizations canemploy an “always on” or continuous approach to fraud detection – especially in those areas where preventative controls are notpossible or effective.Once an organization gets started with data analysis, they usually find that they want to do more and dig deeper into the data.Modern organizations have increased management demands for information and the audit paradigm is shifting from thetraditional cyclical approach to a continuous and risk-based model. Technology therefore offers a range of solutions, varying bythe size and sophistication of the audit organization. From ad hoc analysis, through to repeatable automated procedures, andcontinuous auditing and monitoring, analytics provide insight into the integrity of financial and business operations throughtransactional analysis. Technology provides more accurate audit reports and better insight into the internal controls framework,and improves the ability to access and manage business risk.1Coderre, David G., Fraud Analysis Techniques Using ACL, John Wiley & Sons, 2009.

Fraud Detection Using Data Analytics in the Banking Industry3Analytical Techniques for Fraud DetectionGetting started requires an understanding of:9The areas in which fraud can occur9What fraudulent activity would look like in the data9What data sources are required to test for indicators of fraudThe following techniques are effective in detecting fraud. Auditors should ensurethey use these, where appropriate. They include the following:“As a large multinationalorganisation, our internal auditprocess is under scrutiny frommultiple global and localauthorities. It was essential forus to find a solution whichallowed fast processing offinancial data, was scalable toour needs and streamlined theentire process to increaseoverall efficiency. ACL metevery one of our needs.” Calculation of statistical parameters (e.g., averages, standard deviations,high/low values) – to identify outliers that could indicate fraud. Classification – to find patterns amongst data elements. Stratification of numbers – to identify unusual(i.e., excessively high or low) entries. Digital analysis using Benford’s Law – to identify unexpected occurrencesof digits in naturally occurring data sets. Joining different diverse sources – to identify matching values (such asnames, addresses, and account numbers) where they shouldn’t exist. Duplicate testing – to identify duplicate transactions such as payments, claims, or expense report items. Gap testing – to identify missing values in sequential data where there should be none. Summing of numeric values – to identify control totals that may have been falsified. Validating entry dates – to identify suspicious or inappropriate times for postings or data entry. 2Cyrille OudardHead of Internal Audit Tools, BNP ParibasPlease note that random sampling is not listed as an effective fraud detection technique. While sampling is an effective dataanalysis technique for analyzing data values that are consistent throughout the data population, the very nature of fraud isdifferent as it tends not to occur randomly.2Global Technology Audit Guide: Fraud Prevention and Detection in an Automated World. The Institute of Internal Auditors, 2009.

Fraud Detection Using Data Analytics in the Banking Industry4Fraud Detection Program StrategiesInstead of relying on reactive measures like whistleblowers, organizations can andshould take a more hands-on approach to fraud detection. A fraud detection andprevention program should include a range of approaches – from point-in-time torecurring and, ultimately, continually for those areas where the risk of fraudwarrants. Based on key risk indicators, point-in-time (or ad hoc) testing will helpidentify transactions to be investigated. If that testing reveals indicators of fraud,recurring testing or continuous analysis should be considered.A KPMG Forensics’ Fraud Risk Management report states, “unlike retrospectiveanalyses, continuous transaction monitoring allows an organization to identifypotentially fraudulent transactions on, for example, a daily, weekly, or monthly basis.Organizations frequently use continuous monitoring efforts to focus on narrow bandsof transactions or areas that pose particularly strong risks.” 3“ACL AuditExchangeleverages ACL's provenanalytical strengths andInformatica's data integrationcapabilities to provideauditors with a means toperform data analyses andhelp effectively detect andprevent fraud."David Coderreleading author of books such as “Computer-Aided FraudDetection & Prevention: A Step-by-Step Guide”By leveraging the power of data analysis technology organizations can detect fraudsooner and reduce the negative impact of significant losses owing to fraud.3“Fraud Risk Management: Developing a Strategy for Prevention, Detection and Response.” KPMG International, 2006

Fraud Detection Using Data Analytics in the Banking Industry5BankingFraud detection in banking is a critical activity that can span a series offraud schemes and fraudulent activity from bank employees andcustomers alike. Since banking is a relatively highly regulated industry,there are also a number of external compliance requirements thatbanks must adhere to in the combat against fraudulent and criminalactivity.Banking Related Fraud Schemes:Here are a few typical fraud schemes encountered in banking andsome examples of the way data analysis can be applied to detect andprevent them:Banking/Financial Services – 298 CasesNumberof CasesPercentof CasesCorruption10133.9%Cash on Hand6421.5%Billing3712.4%Check eny299.7%Expense Reimbursements206.7%Financial Statement Fraud165.4%Payroll93.0%Register Disbursements82.7%SchemeDistribution of Fraud Schemes in Banking/Financial ServicesCorruption Find customers who appear on the US Treasury Department Office of Foreign Asset Control (OFAC) list. Ensure Financial Action Taskforce on Money Laundering (FATF) compliance. Produce listing of transactions with organizations on the list of non-cooperative countries and territories.Cash Identify cash transactions just below regulatory reporting thresholds. Identify a series of cash disbursements by customer number that together exceed regulatory reporting thresholds. Identify statistically unusual numbers of cash transfers by customer or by bank account.Billing Identify unusually large number of waived fees by branch or by employee.Check Tampering Identify missing, duplicate, void or out of sequence check numbers. Identify checks paid that do not m

Fraud Detection Using Data Analytics in the Banking Industry 5 Banking Fraud detection in banking is a critical activity that can span a series of fraud schemes and fraudulent activity from bank employees and customers alike. Since banking is a relatively highly regulated industry, there are also a number of external compliance requirements that banks must adhere to in the combat against .

Related Documents:

Types of economic crime/fraud experienced Customer fraud was introduced as a category for the first time in our 2018 survey. It refers to fraud committed by the end-user and comprises economic crimes such as mortgage fraud, credit card fraud, claims fraud, cheque fraud, ID fraud and similar fraud types. Source: PwC analysis 2

Types of economic crime/fraud experienced Customer fraud was introduced as a category for the first time in our 2018 survey. It refers to fraud committed by the end-user and comprises economic crimes such as mortgage fraud, credit card fraud, claims fraud, cheque fraud, ID fraud and similar fraud types. Source: PwC analysis 2

Detection of Fraud Schemes Fraud is much more likely to be detected by tips than by any other method. 2012 Association of Certified Fraud Examiners, Inc. 26 Detection of Occupational Frauds 2012 Association of Certified Fraud Examiners, Inc. 27 Why Employees Do Not Report Fraud According to a Business Ethics Study (Association of Certified Fraud Examiners), employees do not .

fraud detection and the techniques used for solving imbalance dataset problems. The literature review is divided into two parts: insurance fraud detection and techniques for handling the imbalanced problem in a dataset. 2.1 Insurance Fraud Detection The use of data analytics and data mining is changing the in-surance fraud detection method.

Card Fraud 11 Unauthorised debit, credit and other payment card fraud 12 Remote purchase (Card-not-present) fraud 15 Counterfeit Card Fraud 17 Lost and Stolen Card Fraud 18 Card ID theft 20 Card not-received fraud 22 Internet/e-commerce card fraud los

Fraud risk management strategy Fraud prevention Anti-fraud culture Risk awareness Whistleblowing Sound internal control systems A fraud policy statement, effective recruitment policies and good internal controls can minimise the risk of fraud. Fraud detection Performing regular checks. Warning signals/fraud risk indicators:

Auditors are not effectively trained to detect or recognize fraud. One expert noted that fact patterns suggesting that fraud exists (i.e., fraud schemes) are unfamiliar to many auditors because they have not been trained in this area and because fraud is a rare event. Auditors' lack training in fraud detection methods or fraud investigation

ASME A17.1-2013 / CSA B44-13 2.25.4.1.1 Emergency Terminal Speed-Limiting Device New requirement to apply the emergency brake if the main brake fails to slow the car down when ETSL actuated. Both brakes may be applied but max deceleration is 9.81 m/s2. Reduced stroke buffer ETSL Broken Shaft - Main brake does not work Emergency brake applied when car fails to slow down as intended Car below .