The 2014 edition of the Association of Certified Fraud Examiners (ACFE) report on occupational fraud confirms and extends previous findings that fraud is a persistent threat across time and borders. Extrapolating the incidence of fraud from the 1,483 cases included in the study to the estimated world GDP, ACFE estimates that occupational fraud cost as much as $3.7 trillion in 2013.

The report classifies occupational fraud into three broad categories:

• Corruption—such as bribery, conflicts of interest, and extortion
• Asset misappropriation—such as theft of cash, fraudulent disbursements, and inventory manipulation
• Financial statement fraud

Of these, asset misappropriation is the most common, but results in the smallest median loss of $130,000 per case. Financial statement fraud is relatively uncommon, but results in a median loss of over $1 million. … Continue reading

The on-going regulatory response to the 2008 financial crisis includes the Office of the Comptroller of the Currency (OCC) Risk Management Guidance on third-party relationships, issued in October 2013. The bulletin states that the OCC expects a bank to practice effective risk management regardless of whether the bank performs the activity internally or through a third party.

“A bank’s use of third parties does not diminish the responsibility of its board of directors and senior management to ensure that the activity is performed in a safe and sound manner and in compliance with applicable laws.”

In a recent speech before the Risk Management Association, Thomas J. Curry, Comptroller of the Currency, emphasized the importance of managing the risks “associated with bank systems and processes” even above credit risk. He noted banks’ “increasing reliance on third parties” and the systemic risks they impose. … Continue reading

Despite the wealth of well-publicized information about the high prevalence of organizational fraud and the high costs of fraud, it is always surprising to learn that so many companies operate without systematic fraud prevention programs, or fail to review their programs on a regular basis.

In fact, there are very important reasons fraud prevention is worth the effort. Here are some of them: … Continue reading

The Edward Snowden case and the theft of Target customer data have both driven home the point that cybersecurity is an emerging, and rising, risk issue for both companies and political entities. But there are other risks that emerge as rapidly-changing multi-market regulatory and business interactions redefine the landscape.

Every year business consultant CEB (Corporate Executive Board) issues a list of emerging risks that sharp companies need to address to stay ahead of the game. This year they recommend managers pay special attention to these 10 specific risks: … Continue reading

The Office of the Comptroller of the Currency (OCC) is focused on the responsibility of financial institutions—national banks and Federal savings associations—to be responsible for the risk management of business operations whether they are performed internally or through third party vendors.

CIT companies are clearly included in this mandate.

The OCC recognizes that the growing interconnectedness of banks with third party cash management service providers has created new sources of risk due to gaps or inconsistencies of controls that can occur where distinct businesses interface. In everyday terms, this means there can be situations where “no one is in charge.”

Since the OCC is responsible for the security of the overall financial system, it is moving to make banks accountable for the gaps and inconsistencies between them and third party vendors that may pose risk to the system.

This creates specific kinds of difficulties for banks because they can be held accountable for the actions of organizations they do not own. Banks and their third party vendors, including CIT businesses, have different regulatory, standard practice, and incentive profiles, as well as different cultures and assumptions.  It will take especially thorough due diligence to write contracts that lay out the important responsibilities and performance expectations for the different parties to get all the entities on the same page.

In these circumstances, monitoring performance takes on greater importance. There is a substantial possibility that unanticipated gaps or inconsistencies will emerge despite careful risk management planning. Banks have a strong incentive to measure performance and find irregularities as quickly as possible. … Continue reading