using indicators and internal loss data to forecast fraud · embezzled aud 45,000,000 between 2004...
TRANSCRIPT
Using Indicators and Internal Loss
Data to Forecast Fraud
2012 ACFE European Fraud Conference
© 2003-2012 RiskBusiness International Limited
Getting Started — Common Language
• Definition of fraud
Fraud essentially involves an act or acts of deception
to dishonestly make a personal gain for oneself and/or
create a loss for another, either in cash or kind or by
avoiding an obligation
• Fraudster
Intends to deceive
Has an objective to influence actions and decisions
© 2003-2012 RiskBusiness International Limited
Getting Started — Common Language
• Definition of operational risk
The risk of loss resulting from inadequate or failed
internal processes, people and systems or from
external events. The definition includes legal risk but
excludes strategic and reputational risk.
• Recognises two forms of loss event types
Internal fraud
External fraud
© 2003-2012 RiskBusiness International Limited
Common Language
• Taxonomy is the practice and science of
classification.
The word finds its roots in the Greek τάξις, taxis
(meaning “order,” “arrangement”) and νόμος, nomos
(meaning “law” or “science”).
Taxonomy uses taxonomic units, known as taxa
(singular taxon).
© 2003-2012 RiskBusiness International Limited
Common Language
• In addition, the word is also used as a count noun: a taxonomy, or taxonomic scheme, is a particular classification (“the taxonomy of ...”), arranged in a hierarchical structure. Typically this is organised by subtype-supertype
relationships, also called parent-child relationships.
In such a subtype-supertype relationship the subtype kind of thing has by definition the same constraints as the supertype kind of thing plus one or more additional constraints.
For example, car is a subtype of vehicle. So any car is also a vehicle, but not every vehicle is a car. Therefore, a thing needs to satisfy more constraints to be a car than to be a vehicle.
© 2003-2012 RiskBusiness International Limited
The Difficulty with Classification
© 2003-2012 RiskBusiness International Limited
Risk category classifications
• Internal fraud
Unauthorised activity
Internal fraud and theft
Fraudulent activity
Theft
• External fraud
Hacking and system intrusion
External fraud and theft
Fraudulent activity
Theft and robbery
© 2003-2012 RiskBusiness International Limited
Understanding Loss Event Data
© 2003-2012 RiskBusiness International Limited
Detective Controls
Internal causes
External causes Oversight Controls
EVENT
Preventive Controls
Defined Business Process
Market and Sell
Products and
Services
Trading and/or
Investment
Management
Trade Settlement
Processes
Glob Serv Inv Mgmt Sec Lend
Org’l Hierarchy
Card - Retail FX Swap Lockbox
Products
Expected Result
Defined Business Process
Risk Category
Mining Loss Event Data
© 2003-2012 RiskBusiness International Limited
• Lehman Brothers and Marubeni:
March 2008, Lehman Brothers filed lawsuit against
Marubeni Corporation in Tokyo District Court.
Lawsuit sought recovery of ¥35 billion/$351 million lent
by Lehman’s to Asclepius/ LTT Bio-Pharma but
misappropriated by two Marubeni employees.
Lehman claims it thought the funds it committed were
backed by Marubeni, based on documents on a
Marubeni letterhead, which the investment bank later
found was forged.
Lehman staff undertook all required and reasonable
counter-fraud measures, post disbursement controls
failed.
Case Study — External Fraud
© 2003-2012 RiskBusiness International Limited
• ING: Australia’s second largest fraud
40-year-old Rajina Subramaniam worked for ING in
Sydney for 20 years as an accountant.
Embezzled AUD 45,000,000 between 2004 and 2010
by transferring suspense account balances and
unclaimed client money to personal accounts.
Became known throughout Sydney for her lunch-hour
shopping spree’s. In 2009 alone:
Chanel (AUD 98,452)
Bulgari (AUD 3,300,000)
Paspaley – a jewellers (AUD 7,600,000, over and above AUD
16,000,000 in previous years)
Also bought seven properties in her maiden name.
Currently on trial for embezzlement.
Case Study — Internal Fraud
© 2003-2012 RiskBusiness International Limited
Culture, Human Behaviour, and ….KYP
© 2003-2012 RiskBusiness International Limited
National Culture...
© 2003-2012 RiskBusiness International Limited
Forecasting Fraud — Causal Chains
Manager
S’visor A S’visor B
Clerk A Clerk A Clerk A Clerk B Clerk B Clerk B
Trade
Record
Review
and check
details
Correct? Send to
Confirm
Return
to F/O
Yes
No
Annual
holidays
Market
volatility
Complex
trade
Lack of
training
Staff €
problems
Staff
personal
problems
M’ment
offsite
Short
staffed
System
failure
© 2003-2012 RiskBusiness International Limited
Forecasting Fraud — Using Indicators
• Avoid “backward-looking” indicators
• Use causal drivers as basis for identifying good
indicators
• Where possible, create composite or index-
based indicators
• Monitor delta from a base starting point
• Set thresholds and alert triggers
• Link in root cause assessments from loss data
© 2003-2012 RiskBusiness International Limited
Questions and Comments
• Contact Details:
• Mike Finlay, Chief Executive, RiskBusiness
Telephone : +44 7721 969 224
E-mail : [email protected]
URL : www.riskbusiness.com and www.KRIeX.org
• Further Information:
• See “Fraud rising to the top”, The Risk Universe
Issue 2, February 2012, www.riskuniverse.com
“Association of Certified Fraud Examiners,”
“Certified Fraud Examiner,” “CFE,” “ACFE,”
and the ACFE Logo are trademarks owned by
the Association of Certified Fraud Examiners,
Inc. The contents of this paper may not be
transmitted, re-published, modified,
reproduced, distributed, copied, or sold without
the prior consent of the author.