6.1. Fraud Response Plan

No: 000044021528 Date(g): 11/10/2022 | Date(h): 16/3/1444 Status: In-Force
Principle

Member Organisations should define, approve, implement and maintain a Fraud Response Plan to outline the organisational response to an actual or suspected fraud incident.

Control Requirements

a. The Fraud Response Plan should be defined, approved, implemented, maintained and, where appropriate, aligned with the enterprise incident management process.

b. Compliance with the Fraud Response Plan should be monitored.

c. The effectiveness of the Fraud Response Plan and related controls should be measured and periodically evaluated.

d. The Fraud Response Plan should require prompt and competent assessment, investigation, and resolution of all suspected or identified fraud.

e. The Fraud Response Plan should include at a minimum:

 1. The methods through which the Member Organisation is alerted to suspected or identified fraud, including reporting channels available to customers, employees and third parties.

 2. Roles and responsibilities for individuals and teams required to respond to a potential fraud.

 3. Decision-making authority and referral procedures for escalations within and outside the Member Organisation (e.g., referral to specialists for complex cases, Senior Management for potentially material frauds, external counsel if there are legal concerns).

 4. Service Level Agreements (SLAs) for response to initial fraud reports.

 5. Procedures to quickly respond to potential fraud cases identified by the Member Organisation, informed by the customer or notified by other organisations. Where it is suspected that inbound transactions are the result of fraud, this should include precautionary measures to freeze the funds received until the integrity of the source is verified.

 6. The actions the Member Organisation will take when fraud is suspected or has been identified, including but not limited to:

  a. Coordinating appropriate resources to manage alert and case volumes.

  b. Recording and performing an initial assessment of all alerts or formally submitted reports of fraud.

  c. Where an alert or referral is assessed as not requiring further investigation, recording a rationale explaining the decision.

  d. Investigating all instances where it is suspected that fraud may have been committed or has been identified.

  e. Keeping a comprehensive record of all evidence and investigations of potential and actual fraud for a period defined in the record retention schedule of the Member Organisation and in compliance with Article 12 of the Anti-Money Laundering Law.

 7. The process to be followed in the event a potential fraud incident is detected outside of the normal working hours of the Member Organisation.

 8. The requirement to initiate an immediate response when a potential Wholesale Payment Endpoint Security fraud is identified.

 9. Where an actual or potential fraud relates to services offered to a customer or a payment to/from a Member Organisation or a customer, the Fraud Response Plan should require Member Organisations to:

  a. Identify if a potentially fraudulent transaction has been completed or is in the process of being completed.

  b. If a transaction has not been completed: take immediate action to block or hold the transaction and proactively coordinate with any corresponding Member Organisations to take the required actions, taking into consideration the role of the Sharing Room - Operational Centre.

  c. Proactively respond to requests relating to suspected fraudulent transactions when receiving a notification from another Member Organisation, based on agreed protocols for the Sharing Room - Operational Centre.

  d. Block or freeze the product (or any associated services, such as compromised credit or debit cards) to prevent further transactions until the investigation is complete and, where necessary, security credentials are reset or a new card is issued.

  e. Block any further transactions to or from any IBANs outside the Member Organisation which were used to perpetrate the fraud, and share the IBAN with the external organisation to freeze the account.

  f. Cooperate with other organisations if a request for freezing a product is received and there are justifications for suspicion.

  g. If a transaction has been completed and an investigation confirms the transaction is fraudulent: reverse the transaction or seek return of funds where possible.

  h. Contact the customer or third party to communicate actions taken and next steps.

  i. Verify the identity of the customer before re-activating services after an account has been frozen due to exposure to fraud.