Effective fraud risk management in banking sector

Every business, irrespective of locality, type or size has to face the risk of fraud. Frauds can be committed by customers, stakeholders, staff and managers of an organisation. The nature of business of banking sector is unique and completely different from other businesses. Banking sector industries deal with monetary transactions, cash and negotiable instruments of ordinary people and the ultra-high net-worth investors and these are the custodians of deposit-holders' money. They make monetary transactions globally and every moment face the risk of fraud, embezzlement and money laundering more than any other business organisations.
The collapse of Lehman Brothers and Freddie Mac, two major financial institutions in the US and the bailout of American International Group (AIG) by the Federal Reserve Bank of America, simply recaps the idea and importance of fraud risk management in banking sector industries in developed and developing countries. The collapse of these financial institutions were as a result of losses incurred in their financial statements from bad loans granted to unqualified borrowers capping in the global financial crises. The borrowers took the loans by committing larceny which the financial institutions failed to perceive or to prevent at the time of occurrence.  
Banking institutions have to pursue the risk management principles to curb financial maladies and stop financial losses and violations of accepted lending principles which will in turn lead to a counter-effect on the investors, creditors and other stake holders of the banking institutions.
Risk management assumes importance considering the economic crises in Europe, the US and the UK which have hit the governments, banks, creditors and  more importantly, the people of the country whose lives are badly battered by unemployment, inflation leading to public commotion. All these show poor control and regulatory measures of the central banks of the respective countries. Greece, Portugal and Italy are some examples of poor risk management compliance and control.
In the context of Bangladesh, effective fraud risk management is extremely essential. The increase of non-performing loans (NPL) in both public and private sector banking institutions, the alarming loan scams, notably of Hall-Mark and Destiny Group, and increase in classified loans are really worrying. A whopping amount of bad loans of Tk 156.67 billion was written off during the last five years which was almost half of such loans erased by the banks from their balance sheets since the system of loan write-off was introduced in 2002. According to Bangladesh Bank, loans of Tk 315 billion have been written off as of March 2014. Annual average amount of written-off loans stood at Tk 30.66 billion during the last five years, while it was about Tk 15.83 billion till 2009.
Meanwhile, corrupt bankers are funneling loans worth billions of taka to businessmen backed by the country's political bosses, accepting forged and fabricated documents and waiving the collateral security rules. In August 2014, the central bank unearthed a Tk 36 billion loan scam in one of the country's largest banks, where loans were granted to a little-known business house without the minimum collateral required as security. The present uneconomic and financially undesirable situation in this sector demands effective fraud risk management that will help bring down fraud, corruption and inefficiency of the management of the banking institutions. An effective fraud risk management system would have prevented such type of loan scams and would have saved the banking institutions from incurring massive losses.
Risk management is an essential part of helping the banking institutions grow while keeping an eye on the potential consequences if something goes off the track. Risk management is a very big area of banking; it has a controlling role in the business.
The vulnerable and risky areas of a banking institution have been identified by analysts and economists are credit risk management, market risk management, investment risk management, operational risk management, liquidity risk management, internal and external fraud management and defective IT systems.
The field of credit risk gained considerable momentum in recent years due to the increased competition in the field and the challenges of the present financial crisis. Credit risk is one of the main risks of banking industries, especially commercial banks that will affect the banks' ability of sustainable operation. Commercial banks assume credit risk when they act as intermediaries of funds and credit risk management lies at the heart of commercial banking. Studies of banking crises show that the most frequent factor in the failure of banks has been poor loan quality, over-valuation of collateral assets and over- invoicing of imported plants and machineries.
CREDIT RISK MANAGEMENT: The credit risk management process of a bank is believed to be a good indicator of the quality of the bank's loan portfolio. Credit risk emerged as a significant risk management issue during the 1990s. Credit risk covers all risks related to a borrower not fulfilling his obligations on time. Even where assets are exactly matched by liabilities of same maturity, the same interest rate conditions and the same currency, the only risk on balance sheet remaining would be credit risk. There are two main types of credit risk that a portfolio or position is exposed to, credit default risk and credit spread risk.
Banks can reduce credit risk by raising credit standards to reject risky loans, obtaining adequate collateral and guarantee, ensuring compliance with loan agreement, transferring credit risk by giving standardised loans, transferring risk of changing interest rates by hedging in financial futures, by using swaps, by creating synthetic loans through a hedge and interest rate futures to convert a floating rate loan into a fixed rate loan and making loans to a variety of firms whose returns are not perfectly correlated.
Credit rating reports from the professional credit rating agencies of the borrowers are important tools to judge the credit-worthiness of borrowers. The financial institutions need to strictly follow the terms and conditions of the loan agreement with the borrowers.
It happens off and on that bank officials disburse loan without fulfilling the terms and conditions of the loan agreement, either due to undue influence and pressure of the board of directors or from the borrowers. In Bangladesh's industrial arena, it is noticed that many industries imported plants and machinery from abroad by opening letters of credit with the loan-giving banks and could not start production for non-availability of gas and energy although it is clearly mentioned in the loan agreement that no disbursement of fund shall be made without gas connection to the proposed industry. Finally, investment of the concerned bank ends up as a bad loan due to non-compliance with the loan agreement terms and conditions.
FRAUD RISK MANAGEMENT: Fraud risk management has three main components, namely, prevention, detection and response. Preventive controls are designed to help reduce the risk of fraud, embezzlement and misconduct from happening at the first place. To be effective, the concern and tone for fraud risk management must start at the top. While the overall responsibility of risk management rests with the board of directors (BOD), it is the duty of senior management to transform strategic direction set by the board in the shape of policies and procedures and to institute an effective hierarchy to execute and implement those policies.  To ensure that the policies are consistent with the risk tolerance of shareholders the same should be approved by the board. The BOD of the banking institutions which is the policy and decision-making final authority has a crucial role to play in fraud risk management. It plays an important role in the oversight and implementation of controls to mitigate the risk of fraud and misdeeds. The board together with the management is responsible for setting the tone at the top and ensuring institutional support is established at the highest levels for ethical and responsible business practices. Directors have not only a fiduciary duty to ensure that their organisations have programmes and controls in place to address the risk of wrongdoing but also to ensure that such controls are operative.
Not all risks are created or end equally. Banks need to be watchful of credit, market, and operational risks. Within the three main areas of risk, further stratification is needed to allow for a comprehensive overall view of risk. Tools such as Value at Risk , Monte Carlo simulations, Cash Flow at Risk, stress testing, and others are applied to judge the level of risk and subsequently the actions required to encompass the risks. Yet within banks there is often a lack of tools and sophistication to keep pace with a rapidly changing set of products. At any point of time, one or more risk elements may be more relevant than others, but the bank needs to know its risk framework and monitor developments in real time to provide the right level of attention and action.
Canadian banks seem to have fared better than banks in other western countries. Canadian banks in general steered away from the credit derivative craze, implementing a more conventional approach as other banks were ambitiously buying the risky instruments. By taking a big picture view, Canadian banks avoided a major meltdown. There appears to be a more risk-averse culture in Canada running through government, the public and banks. Canadian banks benefited from prudent and disciplined risk-management practices, and higher capital ratios before crisis. The fact that Canada's major investment banks were part of large diversified financial services institutions also played an important role. The banking institutions in the developing countries may take the example of risk management techniques used in Canada and may be gleaned in fraud risk management.
DISCIPLINARY SYSTEM: Accountability at all levels of responsibility from the teller to CEO must be established to protect the banking organisations from fraudsters. A consistent disciplinary system is a key control that can be very effective in deterring fraud devices from the intruders. Actions -legal and departmental, are extremely essential. Corrupt politicians, terrorists, arms traffickers, drug smugglers, tax evaders and other criminals cannot commit their crimes if they can't move and launder their money. They all rely on two key tools to do this: anonymous companies that allow them to hide their identity, and banks and other financial institutes willing to do business with them. Proper enforcement of anti-laundering rules and regulations is needed so that financial organisations cannot get away by taking huge amounts of money. Identifying and exposing the organisations and their corrupt officials who are party to stealing of the money will have a positive effect on reduction of fraud in financial organisations.
While senior management and the board are ultimately responsible for a fraud management programme, internal audit can be a key player in helping address fraud. By providing an evaluation of the potential of occurrence of fraud, internal audit can show an organisation how it is prepared for and is managing these fraud risks. In today's automated world, many business processes depend on the use of technology. This allows for people committing fraud to exploit weaknesses in security, controls or oversight in business applications to perpetrate their crimes. However, the good news is that technology can also be a means of combating fraud. Internal audit needs to view technology as a necessary part of their toolkit that can help prevent and detect fraud. Leveraging technology to implement continuous fraud prevention programmes helps safeguard organisations from the risk of fraud and reduce the time it takes to uncover fraudulent activity.
The writer is the CFO of a private group of companies.  
[email protected]