Financial crime is detrimental to reaching the UN’s Sustainable Development Goals. Financial crime is a law enforcement priority in jurisdictions around the world yet it continues to undermine global financial systems, impede economic growth and cause huge losses to businesses and individuals.
Financial crime refers to illegal acts committed by an individual or a group of individuals in order to obtain a financial or professional advantage. The principal motive is economic gain. One important UN Sustainable Development Goal is to substantially reduce corruption and bribery as well as to combat all forms of organized crime. Despite this, and fueled by ever-increasing globalization and digitalization, criminals are able to commit financial crime with increasing efficiency and sophistication, often with major consequences for victims.
Financial crime has taken on a whole new dimension with the rapid advancement of digital technology combined with deceptive and sophisticated social engineering techniques. While bribery and corruption, together with money laundering, remain a concern, the illegitimate use of virtual assets, cryptocurrencies, CEO fraud and ransomware attacks have all matured significantly in recent years and are now widespread methods to facilitate crime, according to Interpol. In the Nordic countries, law enforcement agencies experience the same trend.
Financial crime risk can be mitigated with a robust Governance, Risk and Compliance framework. A fraud risk management (FRM) program should demonstrate adequate governance and internal control. The key components of an FRM program are aligned with the COSO framework. COSO is the most commonly used internal control framework, developing thought leadership regarding internal control, risk management, governance and fraud deterrence.
Risk generates both new challenges and opportunities. We have classified key drivers for the needs of management, workforce, and operations of organizations to provide a background for the new opportunities.
The fraud risk management framework includes 1) Risk governance, 2) Risk assessment, 3) Control activities, 4) Investigation and corrective actions, and 5) Risk management monitoring.
Lack of governance can result in ad-hoc and event-driven risk management. Management should establish comprehensive fraud risk governance including fraud risk governance roles/responsibilities.
Commitment from top management to integrity and to creating and maintaining an ethical culture is paramount in order for organizations to prevent, detect and respond to financial crime.
By reviewing and updating your overall GRC framework, including establishing an overall risk-based fraud risk management framework (“prevent, detect and respond”).
By conducting fraud risk assessments, considering all elements of the fraud triangle and by conducting ABAC (Anti-bribery and Anti-corruption) audits and reviews.
By reviewing, revising or creating corporate governance policies, business code of conduct, supplier code of conduct, fraud policy, whistleblower policy and response protocols.
Lack of structure and formality can hinder fraud risk management. A fraud risk policy should provide detailed guidance as well as clearly defined roles/responsibilities.
Fraud risk assessments are key to identifying operational risk. Fraud risk assessments should include entity, subsidiary, division, operating unit, and functional levels, and cover both external and internal risk factors.
The risk of fraud, misconduct and non-compliance can be mitigated through business-wide and role-related guidelines, awareness, and training.
By assisting in developing fraud indicator/red flag lists and by conducting fraud risk awareness training customized to various functions, departments or equivalent.
By conducting Integrity Due Diligence on suppliers, customers and employees. By conducting conflict of interest assessments and developing or revising KYC and AML/TF governance.
By providing outsourced or co-sourced internal audit or supporting the design and execution of audit plans to examine and report on areas of operational risk including fraud risk.
Timely detection is key to mitigating consequences. Fraud deterrence is achieved through a combination of preventive and detective controls.
Organizations must be able to detect fraud, misconduct and non-compliance in a timely manner. Anti-fraud controls must be risk-based and prioritized, as well as continuously monitored and evaluated.
Fraud can have severe financial and reputational consequences. Essential preparation includes establishing fraud investigation and response protocols.
By supporting the development and implementation of a robust governance structure, policies, education and training.
By developing business intelligence, compliance monitoring, dashboards and data analytics. By performing penetration testing and supporting you in cyber security strategy, operations or tactics etc.
By providing and establishing whistleblower hotline and governance as well as conducting fraud risk investigations.