1. Fraud Risk Presented by: Fahad Zafar Mayfair Business Consultants

2. What are we covering Definition Types of Fraud Snapshot on Fraud (CFE Data) Local Fraud Data SBP’s initiative in Consumer Fraud Management Consumer Fraud Management set-up at the bank Basic challenges in Fraud Management the bank Consumer Fraud Management set-up in local industry

4. Criminal deception, the use of false representations to gain an unjust advantage. (Oxford Dictionary)

5. Act of deception, misrepresentation, illegal actions and activities, all aimed at securing gain at the cost of targeted business, individuals or financial institutions. (Glossary-Shakil Faruqi)

6. Fraud Fraud losses cost institutions multi-millions every year and it’s a problem which is escalating fast as criminals employ increasingly sophisticated techniques to launch attacks across the enterprise and evade detection.

7. Main Fraud Categories The principal categories of fraud are: Misrepresentation of material facts Concealment of material facts Bribery Conflicts of interest Theft of money or property Theft of trade secrets or intellectual property Breach of fiduciary duty

8. Motivation for doing a Fraud Money Power Peer Regard Appreciation

10. Types of Frauds Phishing. Spoofing. Identity Fraud. Skimming.

11. Credit Card Frauds Unauthorized charges to your credit card. Counterfeit cards.

12. Credit card fraud can happen when Cards are lost or stolen Mail is diverted by criminals Employees of a business steal customer information

13. Higher Interest Rate/ Fee’s These costs ‘trickle down’ in higher interest rates and fees for all consumers.

14. Identity Theft Identity theft is the use of someone’s personal information to commit financial fraud. CNIC numbers. Dates of birth. Names and other personal information are used to open new credit accounts. Existing credit and bank accounts are accessed to make unauthorized purchases or cash withdrawals. Victims of ID theft are not held liable for losses, but it takes time and effort for victims to prove fraud and clean up the credit damage.

15. Forms of fraud Dumpster diving Stealing credit card information from discarded receipts or account statements in people’s trash. Shred unwanted documents that contain CNIC numbers, bank and credit card information and other sensitive financial information.

16. Skimming Dishonest employees make illegal copies of credit or debit cards using a ‘skimmer’. The stolen credit information is used to make Purchases by phone and internet. Counterfeit cards.

17. Phishing Phishing is a financial crime that starts with massive numbers of deceptive spam e-mails. These e-mails look like they came from your bank. But they are just a trick to get account numbers and personal data.

18. Security codes Credit card companies use security codes to help prevent unauthorized or fraudulent use by phone and online These numbers help ensure that you have the card, not just the account number Merchants are prohibited from keeping or storing any security codes after transactions are completed. Security codes for Visa, MasterCard and Discover cards are the 3 digits located on the back of the card in the signature box.

19. Anticipation of fraudulent activity A missing credit card statement may indicate stolen mail and be a warning sign for ID theft.

20. Today’s Criminals Attack globally, not just local. Are organized and systematic, not random and opportunistic. Infiltrate systems as well as people or places. Erode profits through persistent high volume-low value attacks.

21. 4. Risk Management Source: ACFE

22. Victim Organizations: Control Weaknesses that Contributed to Fraud Source: ACFE

23. Age of Perpetrator — Median Loss Pensioners are more into Frauds ! Source: ACFE

24. Roles and Responsibilities High level sponsorship of fraud management at executive level. Boards/ board committees should receive fraud reports but not expected to have direct involvement in formulation and monitoring of anti-fraud initiatives. Development and monitoring of fraud strategies typically the responsibility of high-level management committees e.g. risk management committee or fraud “steering groups”. Approval of anti-fraud strategies and plans is sometimes informal and accountability for delivery of strategies and plans is unclear.

25. Roles, Responsibilities and Resources H&S model with a central team coordinating anti-fraud activity and dissemination of best practice.

26. Fraud Data and Reporting Accurate and detailed fraud data and analysis necessary to assess where and why there is a fraud risk. Systems and controls should be capable of detecting fraud risk at an early stage. Role of branches in collecting and sharing fraud related data.

27. Fraud Investigations The responsibility for significant or complex fraud investigations is delegated to FMU within the CBSG. Computer forensics investigations are with Information Security Division. Use of “Post-Mortems” to improve risk mitigation.

28. Aftermath of a Fraud Alert senior management at the head office. Investigation of specific circumstances and wider fraud risks. Appoint appropriate individuals to investigation team Consider whether use of external consultant is appropriate Establish timetable and objectives. Consider key legal issues Asset recovery. Accessing personal data. Suspension / dismissal. Money laundering reporting obligation. Corrective action / remedial plan Insurance issues

29. Frauds in Pakistan Fraud attempts are not limited to a single product-line or channel. Criminals strike at the following, leaving organizations defenses open and vulnerable to attack across any channel. ATMs, Branches, POS, Over the internet, Via a mobile phone.

30. Examples Fraudsters have established fake office’s in Lahore of some ‘A’ rated companies based in Karachi and Islamabad. The ‘A’ rating allows them easy approval of consumer applications.

32. Shell Pak Limited (Model Town)

33. Shimla Filling Station

34. Defence Service Station

35. Ravi Service Station

37. Repetitive Counterfeit Attacks

38. Occupational Fraud Schemes in Banking and Financial Services Industry Source: ACFE

39. Source: ACFE

40. Way forward Strong anti-fraud culture led from the top. Clear allocation of responsibility for fraud risk management. Staff training. KYC procedures. Capture and use of management information on fraud.

41. Road Map & Conclusion Recognize importance of fraud risk management and react accordingly. Senior management needs to be engaged. Formal fraud risk assessment process and appropriate controls to deal with identified risks. Clearly defined allocation of responsibilities for fraud risk management. Adequate resources. Adequate investment in systems and controls which are capableof early detection.

42. Road Map & Conclusion Capture and use management information on fraud. Ensure threat of both internal and external fraud is assessed and dealt with. Anti-fraud training. Development of fraud investigation plan.

43. Q&A Thanks! Fahad Zafar Mayfair Business Consultants