
5.3. Monitoring to Detect Fraud

No: 000044021528 Date(g): 11/10/2022 | Date(h): 16/3/1444 Status: In-Force
Principle 
 
Member Organisations should design and implement controls to monitor activities and behaviour in order to detect potential indicators of external fraud and internal fraud.
 
Control Requirements 
 
a. Member Organisations should design and implement controls to monitor customer products and services for behaviours that may be indicative of external fraud. At a minimum these should address the risk presented by:

 1. First party fraud - Where a customer of the Member Organisation misrepresents their identity or gives false information to commit fraud using their own account, loan application or other product.

 2. Second party fraud - Where a customer or individual knowingly provides their personal information or allows their identity to be used to commit fraud.

 3. Third party fraud - Where a non-customer of the Member Organisation obtains a customer's details without their consent or knowledge, then uses the information to commit fraud.

b. Member Organisations should design and implement controls to monitor employees in roles which have been identified in the Fraud Risk Assessment as presenting a risk of internal fraud, including but not limited to:

 1. Audit trail of employee access to the Member Organisation's core systems.

 2. Systematic log of staff activity for all customer and financial accounting systems and databases (e.g., recording an audit trail of an employee making changes to a customer address, adding a payee, instructing a payment, authorising a withdrawal).

 3. Monitoring for unusual behaviours or activity (e.g., transactions outside working hours, process exceptions or overrides completed without appropriate approvals).

 4. Reconciliation and settlement of finance systems and organisation internal bank accounts.

 5. Enhanced oversight of payments to Member Organisation employee's accounts.

 6. Monitoring and appropriate approval of corporate card use and expense claims.

 7. Monitoring of employee complaints and anonymous reporting lines.