1. Dalit, can you please tell the Center for Financial Professionals about yourself and your experience in the Operational Risk and fraud management industry?
I have 20+ years of diverse experience in the prevention, detection and investigation of fraud and misconduct. I have spent a considerable part of my career conducting large and high-profile investigations and assessing allegations of financial irregularities, corruption, bribery and conflicts of interest. Many of these projects were in connection with regulatory proceedings and law enforcement actions.
Working with financial institutions and other corporations, I designed strategic anti-fraud programs, led fraud risk assessments and developed fraud detection and prevention protocols. Many of these engagements included focused assessment of fraud governance structures, fraud reporting protocols and anti-fraud controls.
Since joining TIAA Financial Services Enterprise Risk Management, I am responsible for establishing TIAA’s Enterprise Risk Management response to fraud and misconduct and for demonstrating TIAA’s commitment to protecting our client assets from the risk of fraudulent activity.
2. Without giving too much away, can you provide an overview as to the requirements of the new guidance issued by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) and the Association of Certified Fraud Examiners (ACFE)?
The Fraud Risk Management Guide (Managing the Business Risk of Fraud: A Practical Guide) was issued in the fall of 2016. It will be familiar to operational risk professionals, as the new guidance follows the 2013 COSO framework. Its five principles are consistent with the five COSO Internal Control Components and the 17 COSO principles.
The Fraud Risk Management Guide provides useful direction to organizations seeking to establish, or to enhance, their fraud management programs. It includes a very detailed approach to conducting a fraud risk assessment, which is the cornerstone of robust fraud management. It consists of guidance on establishing an overall fraud risk management program, including fraud risk governance policies; designing and deploying fraud preventive and detective control activities; conducting investigations; and monitoring and evaluating the total fraud risk management program.
This new guidance enhances prior guidance, updating it for more recent developments, revising terminology to be consistent with newer COSO terminology, and adding information to keep up with technology developments, specifically data analytics. It is consistent with prior guidance by a number of professional organizations, including the American Association of CPAs (AICPA), Institute of Internal Auditors (IIA) and the ACFE. This guide is comprehensive and it draws from experience that was gained since fraud management requirements were introduced in the early 2000s.
3. What are the key considerations which professionals/companies must take into consideration when measuring the impact of fraud events and other challenges?
Measurement of fraud is an important component of fraud governance. Accurately measuring fraud events, regularly reporting their impact, and reporting them to executive management and to the Board are critical to sound fraud governance.
When properly done, fraud measurement and analysis allow organizations to explore trends in their loss data and near-loss data and develop a perspective regarding the effectiveness of anti-fraud controls.
Further, measurement and analysis of fraud events provide a significant window into identification of new schemes and to gaps in anti-fraud controls due to introduction of technology tools and evolving business needs. Careful monitoring of fraud events and their analysis will assist in making accurate investment decisions and in resource allocation.
4. How important is it that organisations must measure fraud through KRIs and metrics, especially as fraud is considered a key operational risk to the reputation and profitability of an organisation?
Fraud KRIs play a critical role in risk mitigation. First, like other operational KRIs, they allow tracking of important risk exposures and allow comparison over time and amongst business units. When adequately defined and monitored, KRIs provide ‘closer to real-time’ information that could be aggregated, analyzed, and escalated.
In addition, fraud KRIs are useful in facilitating honest discussion between risk management and business executives regarding fraud losses and underlying risks that an organization seeks to accept when pursuing specific business objectives. KRIs provide a platform to discuss investments in anti-fraud controls technology solutions.
KRI discussions are, of course, beneficial as fraud risk appetite is often a tricky concept to articulate, in particular for financial institutions whose reputation is paramount.
5. We look forward to you leading a Masterclass at the upcoming Risk Americas 2017 Convention: Fraud Management, May 25. What are the key topics and highlights which will be discussed during the Masterclass?
The Masterclass, which is designed as an interactive and practical panel discussion, will focus on sharing lessons learned in addressing the requirements established in the new Fraud Risk Management Guide issued by the ACFE and COSO and expectations by law enforcement and regulators.
We will tackle some of the most common complexities in fraud management in financial institutions, in particular those encountered in planning and execution of fraud and misconduct risk assessments. We will explore challenges associated with coordination between various financial crime functions within a financial institution, in governance, handling of fraud events, communication, and reporting of fraud and misconduct internally and to regulators. I am honored to be joined by two highly qualified experts: Polly Greenberg, Duff & Phelps, who is a former Chief, Major Economic Crimes Bureau, New York District Attorney’s Office; and Eva Weiss, a Senior Adviser to StoneTurn Group who has been involved in assisting financial institutions in improving their anti-fraud programs and controls. They will be providing their unique perspectives on factors that contribute to successful resolution of the described challenges.
6. How do you see the role of the operational risk professional changing over the next 6-12 months, especially with increasing technological and political advances changing?
Fraud risk management in financial institutions is a highly dynamic field. We see a convergence of fraud and security risks in the financial services industry.
For the foreseeable future, corporations will continue to be vulnerable to risks associated with fraud and cyber-attacks, which often require coordinated solutions.
In addition, transactional fraud monitoring is no longer viewed as sufficient to effectively mitigate fraud. There are technology solutions that could be useful, such as voice biometrics and digital fingerprinting. These technological solutions require acquisition, implementation and careful tuning. These solutions are costly and might not be easy to scale.
Risk professionals need to keep up with technology solutions and become familiar with what these tools can offer and what they don’t.