Principle

Member Organisations should establish and maintain a Counter-Fraud Governance Structure owned by Senior Management with responsibility for oversight and control of all aspects of the organisational Counter-Fraud Programme.

Control Requirements

a. Member Organisations should establish and maintain a dedicated Counter-Fraud Governance Committee (CFGC).

b. The CFGC should be headed by a member of the Executive Committee (e.g., CEO, CRO or equivalent).

c. The following positions at a minimum should be represented in the CFGC:
   1. Head of Counter-Fraud/Senior Manager accountable for the Counter-Fraud Programme.
   2. Chief Risk Officer.
   3. Chief Operating Officer.
   4. Head of Digital.
   5. Heads of relevant business departments or product owners (e.g., General Manager of Retail/Corporate).
   6. Senior Managers from all departments involved in fraud risk management (e.g., Operational Risk Management, Cyber Security, Counter-Fraud Department, Analytics, Compliance).
   7. Internal Audit should attend as an "observer".

d. A CFGC charter should be developed, approved, and reflect the following:
   1. Committee objectives.
   2. Authority and accountability of the committee.
   3. Roles and responsibilities.
   4. Minimum number and role of meeting participants required to meet quorum.
   5. Meeting frequency (minimum on a quarterly basis).
   6. Escalation process for fraud issues or incidents to Board level.
   7. Documentation and retention of meeting minutes and decisions.

e. The CFGC should at a minimum be responsible for:
   1. Approving, supporting, communicating, and monitoring:
      a. Counter-Fraud Strategy.
      b. Counter-Fraud Policy.
      c. Fraud Risk Management Framework that should include at a minimum:
         i.   Intelligence Monitoring process.
         ii.  Fraud Risk Assessment.
         iii. Fraud Risk Appetite.
         iv.  KRIs for fraud.
      d. Management Information.
   2. Providing leadership, direction, and oversight of the Member Organisation's Counter-Fraud Programme.

f. Member Organisations should appoint an appropriately qualified and experienced Head of Counter-Fraud as accountable for the Counter-Fraud Programme at Senior Management level (see control requirement 3.5.e).

g. Member Organisations should establish a documented and approved process for Counter-Fraud budget and spending prioritisation which should align with fraud strategic objectives.

h. The overall Counter-Fraud budget should be monitored, reviewed periodically, and adjusted accordingly by the CFGC to meet the Counter-Fraud and business needs.

i. Member Organisations should define roles and responsibilities of Senior Management and Counter-Fraud Department employees using a responsibility assignment matrix, also known as RACI. The RACI Matrix should outline who is responsible and accountable for Counter-Fraud processes and controls, as well as who should be consulted or informed.