By Simon Miller
Crime is as old as the hills, if someone had an asset, someone else would try to steal it and banking is no different in facing these risks than any other industry. What sort of crime is prevalent in the banking world and what can be done to mitigate these risks?
Fraud is the most talked about issue for banks – whether it is a customer in the retail arm being scammed or an institutional investor being taken in by the promise of better times through a Ponzi scheme, fraud is a natural
bed-fellow to watch out for in the financial world.
The Financial Services Authority (FSA) claims that fraud is a major and growing problem in the UK, a claim that figures from consultants KPMG back up.
In its latest Fraud Barometer, KPMG found that fraud exceeded £1 billion compared with £609 million in 2010 with nearly half levelled against the private sector.
But who is doing the fraud? Again, KPMG points out that there are multiple enemies from professional criminals to internal fraud committed by employees. The attitude towards committing fraud is usually in correlation to the financial situation n which a member of staff may find themselves. Under normal or boom times, they would not consider committing fraud, in a recessionary era, additional pressures may push them over the top.
Indeed, £225 million worth of damage this year (up from £181 million Jan – Jun 2010) was committed by employees, with management fraud, averaging at £7.3 million a case, and employee fraud around £708k.
Investors are also being hit, accounting for £263 million of damage - 25 per cent of all fraud in the first six months of 2011. So it is clear that there are issues surrounding fraud but what risks do they contain?
For a financial institution, the most obvious example is that of the Ponzi scheme. Ever since Enron, regulators have said that this is something that can be dealt with but following the arrest and jailing of Bernard Madoff in 2009, it is important that a financial institution, whether as lender or as a more complex instrument, or indeed an investor in the case of a private equity house have a good understanding of the actual performance of the business.
Richard Powell, KPMG EMA forensic investigations network lead, comments: “Institutions must understand the relationship, for example, between reported profit and cash. Often we find that the cash position of the business and its relationship with reported profit has a tale-tell indicator that all is not quite as it appears.”
In other words, if something looks too good to be true then it probably is.
It is important to have regular and informed dialogues and maintain an appropriate analysis over that in which you are investing according to Powell.
Quite a number of the more famous schemes, such as Ponzi schemes, often had at their heart a promise of returns and the apparent reality of returns which buck the normal trends.
“Understand what are the underlying assets that the business is actually investing in and properly understand the risks that are attendant on that investment. Have regular dialogue over the types of investments you have made that go as far up as directors and audit committee,“ says Powell.
Another area that is coming to the fore is bribery. The Bribery Act came into power in the UK last month (July) and follows on from the Bribery and Corruption Act in the US which has come into criticism for the extra-territorial investigations that regulators have taken when investigating US or US-based companies.
Simply put, if you have used cash, gifts, or failed to record travel, or entertainment, expenses just for the purpose of financial gain for yourself or company, you may fall under the Bribery Act.
Just over 31 per cent of the cases in the KPMG analysis involved the payment of bribes or kickbacks or other forms of corruption.
Sam Eastwood, head of business ethics and anti-corruption at Norton Rose says that companies have got to understand that people are always going to exploit weaknesses.
He comments: “The challenge is organisation and to be able to say that if it happened it was not withstanding your best efforts. My contention is that you cannot eradicate bribery and corruption and you certainly cannot guarantee that it won’t happen in any industry.”
Eastwood adds: “What you have got to be able to do when, or if, it happens is to say it was not withstanding my very best efforts and that applies to matters in addition to bribery and corruption. It certainly helps mitigate any exposure.”
Deloitte forensic team partner Peter Maher agrees but adds: “The Serious Fraud Office will be taking a look at bribery but they have taken the sting out of the initial worry over this area by toning down the entertainment aspects in the final guidance but it is an issue that financial institutions need to be aware.”
Going hand in hand with these is corruption. In a global system, there will always be countries that have a greater propensity – or reputation – for corruption. Transparency International’s annual table of countries with high levels of corruption shows that Russia heads the list with India and China following on.
Eastwood notes that the real challenge, such as in the bribery act, is the extra-territorial reach. That is how to mitigate the compliance factors in each territory. “A company would find it hard to have multi-standards depending on where they operate and the challenge is not to tie standards to one particular law but to look at emerging international trends and norms,” he adds.
According to Powell: “Understanding the excitement and opportunities that some of the emerging markets present, but also understanding the particular risks that are incumbent on them, and thinking about how they are managed, is clearly important.”
Yet despite the prevalence of fraud risk, the systems may be picking up
the risk but action is not being taken quickly enough.
KPMG research shows that prior red flag indicators of fraud had significantly, on more occasions either been missed or not appropriately responded to.
Around half (51 per cent) of cases had prior-red flag indicators but only 6 per cent had appropriate action taken on a timely basis.
So why isn’t this being picked up? Analysis suggests that as people try to take cost out and be more streamline, they have, perhaps inappropriately, spent less time focussing on the areas of greatest fraud risk. For instance, KPMG’s study found that as many as 22 per cent of firms carried out anti-bribery and corruption risk assessments as and when it was necessary rather than annually.
The FSA has been examining attitude towards risk. In its briefing note, Financial Crime: a guide for firms, the authority notes that, although there has been improved mitigation and reporting, this was a fairly recent phenomenon.
It adds: “Firms are reporting and reviewing fraud risk within operational risk management reporting channels, where these exist, but this information is high level.”
The FSA notes that only a few firms were developing formal fraud risk assessment process beyond that required for operational risk purposes.
Powell comments: “As a general principle, if you seek to cut back cost as everyone needs to from time to time you do need to think about the areas of higher fraud risk and try to proportionately steer your cost cutting to areas that are not going to materially weaken your control.”
Maher says that the key in ensuring compliance and not falling foul of
the law is to recognise what risks an institution faces, through a detailed and realistic assessment.
“Then it is a case of looking at what gross risks exist, what policies, procedures and controls might be in place already and mitigate that risk and then looking at the resultant net risk to see what additional controls need to be put in place to reduce that risk to an acceptable level,” he adds.
The key message to firms from consultants, lawyers and regulators is that due diligence and a decent system of surveillance can help mitigate the risks involved. However, no matter how good your compliance or how good the regulators are at detecting crime, the risks will always be with us.
As Maher comments: “Even if you build a 20 foot fence, people will always be able to build a 22 foot ladder. Crime and fraud have probably been around since man first came onto the planet.”