In the PNB fraud case, investigators discovered that SWIFT system was misused by the unauthorized personnel’s. While banks deal with various types of frauds, malicious elements find weak elements in every process and regulations. This article examines how banks can implement preventive security controls…
Banks face an ever-increasing financial fraud cases and challenges to cope with them from both internal and external aspects. Banking frauds raises questions on the credibility of the fraud detection systems and the technological capabilities to monitor the financial institution. Banks and financial institutions are being deceived by fraudsters, thus destabilizing the consumer’s confidence. With such frauds becoming more common, Reserve Bank of India (RBI) has mandated banks to comply with recommended technological security measures and improve risk management system for fraud detection and reporting process. Thus, there is a growing need for banks to deploy real-time detection and prevention of frauds. The rise in bank frauds mandates for tightening of banking regulations, deploying robust risk management and anti-fraud systems.
The following are some of the processes through which banking systems can be secured
Unauthorized persons handling passwords for authentication of SWIFT system have exposed the need of multi-factor authentication.
One of the best technical approach to contain banking frauds is through strict implementation of multi-factor authentication in a multi-layered security structure. This is one of the proven method that is successful in thwarting fraud. But again, there is no one silver bullet that will absolutely detect every fraud. So, the logic is — if you put all the security protection mechanisms in a single process, chances are high for the process to be compromised, and the intruder will have all access. This multi-layered approach from both hardware and software systems, will minimize the chances of frauds.
Fraud Risk Management
The significance of fraud risk management should not be negated by the banks. Better emphasis on utilizing of risk management systems and heightened use of intelligence is necessary to effectively respond to detect suspicious transactions and monitor the process to mitigate the frauds. The fraud monitoring system should provide a comprehensive MIS report for the senior management for oversight and supervisions of the banking system.
A minimum level of banking regulation and supervision by the state is absolutely necessary to regulate the banks. RBI has already directed banks to continuously monitor transactions and establish an integrated fraud risk management framework.
In the case of Punjab National Bank based scam, investigators discovered that SWIFT messages were sent out issuing guarantees to private persons, which were not authorized in the main bank accounting system. Hence, the supervisors are to be questioned why the list of guarantees that were given through SWIFT is not represented in the bank accounts. Supervisors can also assess the weekly reports that the RBI gets from banks on forex activities, rules that mandate regular transfers of people in sensitive positions, etc. Non-compliance of regulations leads to breakdown of banking risk management system.
Strengthening Internal Checks & Process
Banks should realize the rising graph of frauds seriously and ensure that there is no laxity in internal control mechanism. A strong system of internal control and good employment practices is the one of most effective way of fraud prevention and mitigate losses. The effectiveness of internal controls depends largely on management’s integrity.
In banking operations, monitoring every process whether it’s automated or manual is an crucial process. Banks are dealing with public’s money and hence it’s imperative that bank employees exercise due care and diligence in handling the transactions. Both offsite and real-time monitoring of frauds is crucial which is based on learning insights from historical fraud instances from the current industry landscape. The response system parameters of the existing fraud identification and monitoring methods should be assessed in terms of emerging risks. Currently, there is a stringent need for robust monitoring of high value banking transactions.
Mandatory Checks & Controls
Dual and triple checks and controls in banks for sensitive operations and transactions should be made mandatory. Triple controls, where one person creates the transaction, a second person approves it, and then a third person actually sends the transaction is a time tested and proven process. Actually, poor internal controls always increase the chances of banking frauds.
To minimize banking frauds, internal auditors should setup a strong prevention systems based on the fundamental principles of reliable internal control process be installed. To mitigate frauds, banks must setup a strong internal audit department with all the resources to analyze and investigate the anomalies in any financial transactions. Forensic Chartered Accountants (FCAs) should be employed to dig out the malicious transactions using reliable software and hardware tools.
Create Fraud Awareness
Banks should increase their efforts to raise the level of security awareness amongst their staff to combat frauds. Continuous education and awareness of fraud monitoring process is crucial in a banking system. The real solutions won’t come until financial institutions and their corporate management think alike on banking security and realize the real risks they face and implement solutions to mitigate those risks.
Currently, there is a high priority to identify early warning signals to capture frauds close to their occurrence. There is a urgent need of a centralized framework that can address fraud risks associated with various forex transactions and provide insights to stakeholders to take preventive action at the right time. This in turn narrows the time taken to detect the fraud losses and helps the banking management to have a more focused strategy to address fraud-related risks.
The evolving banking frauds requires automated detection systems and robust fraud defense processes. Purchasing and deploying an off-the-shelf fraud detection and reporting system may not always equip the bank with the most effective technical solution or strategic methods to deal with banking frauds. Selecting the right security framework and a seamless integration of banking fraud detection and reporting systems is integral to secure business and customer interests.
Banking fraud is a global menace and over past few years frauds in Indian banks have increased considerably. The harsh reality in banking frauds is that — it has not only resulted in banks losing millions of currency but banks also have to suffer irreparable reputational damage!