Title: Top 10 Banking Fraud: Practical Discussion of Fraud Schemes by Bank Insiders and How to Prevent Fraud from Occurring
9. How Fraud is Committed
- Asset misappropriations were most common but low loss. Fraudulent statements were least common with highest loss.
[Figure: Breakdown of All Occupational Fraud Schemes, Median Loss]
10. Bank Most Common Fraud
- Greatest percentage (15%) of fraud occurred in banking and financial services sector.
26. How Fraud is Detected
- It takes 24 months on average to catch employee fraud
[Figure: Initial Detection of Occupational Frauds]
27. Key Indicators of Fraud
- Tips / Complaints
- Missing / Alteration of documents
- Duplicate / Unreasonable expenses or reimbursements
- Failure of certain employees to take vacations
- Failure to follow up on past-due receivables
- Unusual write-offs of receivables
- Employees on the payroll who do not sign up for benefits
- Excessive purchase of products or services
- Common phone numbers / addresses of payees or customers
28. Key Indicators of Fraud (Continued)
- Cash shortages / overages
- Stale items on bank reconciliations
- Unexplained adjustments / Journal entries
- Unusual financial statement relationships, e.g.:
  - Increased revenue vs. decreased receivable
  - Increased revenue vs. decreased inventory purchase
  - Increased inventory vs. decreased purchase or A/P
- Significant increases or decreases in account balances
- Significant changes in liquidity, leverage, profitability or turnover ratios
29. Limiting Fraud Losses
- Surprise audit and job rotation are still overlooked by many organizations.
30. Limiting Fraud Losses
- Surprise audit, job rotation, and anonymous reporting showed the greatest impact on fraud losses.
31. Bank Case Symptoms
- Supervisory override, unusually large transactions or transactions with no apparent business purpose
- Journal vouchers containing only one signature or incorrect information, or transferring funds between different customers' accounts
- Deposit slips with missing information, or depositor names that are incomplete or do not match the passbook or account name
- Frequent, large deposits/withdrawals in Executive account
- Deposits and withdrawals on the same account on the same day or within a short period of time
- Bank checks used to transfer between accounts / checks with altered date
32. Symptoms ... More
- Purported customer signature on withdrawal vouchers and checks
- Large negative balances in slush accounts or customer accounts
- Deposit slips moving customer funds between accounts of different customers
- Deposits of customer checks where cash was received back
- CDs closed prematurely with proceeds put into a low-interest account, sometimes with penalty
- Customer not present when account was opened, closed or transacted
- Mailing of customer statement to Executive address
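Several of the transaction-level symptoms listed above (supervisory override on a large amount, a journal voucher with one signature, funds moved between different customers' accounts, deposit and withdrawal on the same account on the same day) can be written as rules over a transaction extract. The following is an added example, not part of the original presentation; the record layout, field names, threshold and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

LARGE_AMOUNT = 1_000_000  # assumed threshold for "unusually large"

# Constructed sample extract; the record layout is an assumption for this example.
TXNS = [
    {"id": "T1", "ts": "2009-03-02T10:05", "type": "deposit", "acct": "A100",
     "owner": "C1", "amount": 2_500_000, "override": True,
     "maker": "teller7", "signers": ["teller7", "sup2"]},
    {"id": "T2", "ts": "2009-03-02T15:40", "type": "withdrawal", "acct": "A100",
     "owner": "C1", "amount": 2_400_000, "override": False,
     "maker": "teller7", "signers": ["teller7", "sup2"]},
    {"id": "T3", "ts": "2009-03-02T16:10", "type": "journal", "acct": "A200",
     "owner": "C2", "to_owner": "C3", "amount": 80_000, "override": False,
     "maker": "teller7", "signers": ["teller7"]},
    {"id": "T4", "ts": "2009-03-03T11:00", "type": "deposit", "acct": "A300",
     "owner": "C4", "amount": 12_000, "override": False,
     "maker": "teller3", "signers": ["teller3", "sup1"]},
    {"id": "T5", "ts": "2009-03-04T09:30", "type": "withdrawal", "acct": "A300",
     "owner": "C4", "amount": 5_000, "override": False,
     "maker": "teller3", "signers": ["teller3", "sup1"]},
]


def flag_symptoms(txns, large=LARGE_AMOUNT):
    """Return {transaction id: sorted list of symptom names}."""
    alerts = defaultdict(set)
    # (account, calendar day) -> {"deposit": [ids], "withdrawal": [ids]}
    cash_by_acct_day = defaultdict(lambda: defaultdict(list))
    for t in txns:
        day = datetime.fromisoformat(t["ts"]).date()
        # Supervisory override combined with an unusually large amount.
        if t["override"] and t["amount"] >= large:
            alerts[t["id"]].add("override_large")
        # Journal voucher approved by fewer than two distinct people.
        if t["type"] == "journal" and len(set(t["signers"])) < 2:
            alerts[t["id"]].add("single_signature")
        # Funds moved between accounts of different customers.
        dest = t.get("to_owner")
        if dest is not None and dest != t["owner"]:
            alerts[t["id"]].add("cross_customer_transfer")
        if t["type"] in ("deposit", "withdrawal"):
            cash_by_acct_day[(t["acct"], day)][t["type"]].append(t["id"])
    # Deposit and withdrawal on the same account on the same day.
    for kinds in cash_by_acct_day.values():
        if kinds["deposit"] and kinds["withdrawal"]:
            for tid in kinds["deposit"] + kinds["withdrawal"]:
                alerts[tid].add("same_day_in_out")
    return {tid: sorted(names) for tid, names in alerts.items()}


def alerts_by_maker(txns, large=LARGE_AMOUNT):
    """Count flagged transactions per staff member who entered them."""
    flagged = flag_symptoms(txns, large)
    return dict(Counter(t["maker"] for t in txns if t["id"] in flagged))


if __name__ == "__main__":
    for tid, names in sorted(flag_symptoms(TXNS).items()):
        print(tid, ", ".join(names))
    print(alerts_by_maker(TXNS))
```

Grouping the flags by the staff member who entered the transaction gives a reviewer a short list to follow up on, rather than a flat list of individual alerts.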
33. Bank Fraud Trend
- The financial cost of fraud may be three or more times the value of the loss amount
- Fraud is not static. It evolves with each new measure implemented
- New opportunities for employee fraud are emerging
- Criminals thwart rules-based systems
- Silo mentality weakens fraud detection
- Top management are moving toward an enterprise focus on anti-fraud systems
- Regulatory expectations are increasing
- Solutions require commitment, investment, and talent
34. Insider Threat
- Deliberate misuse by those who are authorized to use computers and networks.
- Insiders include employees, contractors, consultants, temporary helpers, personnel from third-party business partners, etc.
35. Facts about Insider Misuses
- Most were not technically sophisticated or complex
- Most were thought out and planned in advance
- Most were motivated by financial gain
- Most perpetrators of banking and finance incidents:
  - Did not hold a technical position
  - Never engaged in technical attacks or hacking
  - Were not necessarily perceived as problem employees
- Executed at workplace during normal business hours
- Detected by various channels and methods.
36. Misuse of Applications

| Applications | Legitimate Use | Misuse |
| --- | --- | --- |
| Client/Server | Message exchange; connectivity to server; execution of tasks | Unusual exchange to degrade performance; excessive connections (DoS); execute privileged procedure |
| Mail Clients | Send and receive e-mails | Illegal content / remote attack / private use / overload network |
| Browsers / Multimedia player | Browse Internet / play files; view cached file and history | View illegal content; display other users' viewed files and accesses |
| Programming Tools | Develop program; display memory segment | Create malware; access memory segment with sensitive information |
| General-purpose Applications | Read / write; input strings | Access temp file for sensitive information / modify temp file to change program flow; buffer overflow |
37. Universal of Internal Computer Fraud
22/08/63
38. Types of Application Controls
39. Example of Detection System
40. [Figure: Benford, Frequencies (percent)]
55. Managing Insider Threat
- Strong authentication / biometric technologies
- Role-based access granted on a need-to-have basis
- Rotate job function / event log reading
- Place server and sensitive equipment in secured area
- Restrict physical access / lock / alarm test
- Wear badge / background check
- Default password / unused port / log-off on absence
- Encrypt sensitive data stored on user hard drives
- Store sensitive document in secured space
- Never issue password over unsecured channels
56. Aware of Warning Signs
- Rogue access point / wireless / remote
- Disgruntled employee
- A user accesses database or area of network they have never accessed before
- Download spike
57. Fraud Prevention Checklist
- Good internal control
- Employee fraud awareness training / hotline
- Analytical review / surprise fraud audits
- Review company contracts
- Perception of detection / management oversight
- Proactive fraud policy and program / prosecution
- Mandatory vacations / periodic job rotation
- Screen job applicants
- Information security review / limit access / audit trail
- Management climate / employee support program
58. Summary
- Auditor's roles in combating fraud:
  - Promote a culture of honesty and high ethics
  - Assess and mitigate the risk of fraud
  - Ensure control adequacy and effectiveness
  - Use data mining and statistical analysis tools
  - Analyze financial statements and reports
  - Be alert to predication of fraud
  - Ensure investigations are properly conducted
  - Ensure proper follow-up actions are taken
  - Develop your anti-fraud knowledge and skills
59. About the ACFE
- The Association of Certified Fraud Examiners
- Started in 1988
- Provides anti-fraud training and education
- Over 50,000 members in 125 countries
- Administers the Certified Fraud Examiner (CFE) designation, a certification program for fraud practitioners recognized by the U.S. Department of Defense and FBI
- More than 20,000 CFEs worldwide (5 Thais)
- 55 Membership Fee
- More information about ACFE: http://www.acfe.com
60. About CFE Exam
- Covers 4 areas:
  - Criminology and Ethics
  - Financial Transactions
  - Fraud Investigation
  - Legal Elements of Fraud
- 4 Exam sections of 125 questions each (75)
- Administered via computer / must complete each section in one sitting (2.6 hr)
- Complete all and return to ACFE in 30 days
- Must pass Qualifying Points System (40/50)
- 250 Application Fee
61. Q&A
- PAIRAT SRIVILAIRIT
- SVP Head of Internal Audit
- TISCO Financial Group Public Company Limited
- Mobile 668 1903 1457
- Office 66 2633 7821
- Email pairat_at_tisco.co.th