Skip to main content
Back Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

  • Terms of Reference for A Fraud Committee

     

    SAMA Banking Inspection Department December, 1997

    Fraud Committee

    • Background

      Banking business has become increasingly complex and banks now take many different type of risks. Included in this profile of risk also includes fraud which relates to physical losses and is generally covered under operational risk. The consultative paper entitled "Core Principles for Effective Banking Supervision" by the Basle Committee in April 1997 has also appropriately recognized risk management which includes operational risk as its core principle # 13.

      In this regard, SAMA has recently issued (June 1997) a document entitled "The Management of Operational Risk through Appropriate Insurance Schemes". SAMA expects that all Saudi banks will adopt and implement the key features of this document in their internal management system with the objective that all related risks are systematically identified and controlled through management action.

      Potential for fraud is likely to increase with the advent of technology and as banks venture further into new products and services, geographical areas and markets. Further, it is certain that Saudi banks are increasingly affected by the continuing momentum of global automation, inflow and outflow of pilgrims, internationalization of markets and the advent of sophisticated products.

      In view of these challenges, the SAMA decided a few years ago to structure various Bank Committees under its auspices, for providing mechanism where all Saudi Banks could assemble, deliberate and discuss common issues and concerns. One of the committees being proposed is the Fraud Committee.

      Given the significance and underlying importance of regulating and supervising fraud, the SAMA wishes to give this committee the posture it deserves. Therefore, this committee is going to be an independent Banking Committee, whose chairman and his other senior members would liaise, discuss and deliberate matters of mutual interest related to fraud with senior SAMA officials. The Committee subject to SAMA's approval would be entitled to appoint specific sub committees accountable to it in all respect.

      At this committee meetings, representatives of the banks will share their experiences with respect to fraud, provide the bank's point of view for resolving common problems, as well as providing inputs to SAMA for framing supervision policy.

      Major types of fraud include:

      1. Money laundering
      2. Forgery
      3. Counterfeit currency
      4. Electronic crimes
      • ATM
      • Payment Cards
      • Commercial Services
        • Cash Management Services
        • Electronic Data Interchange
      • Retail Electronic Banking
      1. Employee fraud

      Further, sub committee may be formed in order to afford a sharper focus on specific fraud types such as employee frauds, payment card and Technology fraud, etc., and at the same time to address other constraints such as confidentiality, timing and scheduling, etc.

    • General Objectives And Mandate of The Committee

      1. Issues must focus on areas which are in the interest of the long term management and containment all types of fraud occurring in the banking system, as well as enhance control, efficiency and supervision.
      2. Committee members are expected to jointly identify, analyze and discuss all bank related fraud cases and issues pertaining to their respective bank's experience. Those internal fraud cases which may be sensitive may not be discussed in detail, however, the lesson learnt from such cases in a general sense should be brought to the forum.
      3. Effective policies, process and procedures are implemented to detect, control and report frauds of all types.
      4. Discussions must be held in an organized and democratic manner to ensure all viewpoints are aired and objectives of the Committee are achieved.
      5. The Committee is expected to keep itself abreast of all international and local development in relation with (i) occurrence of major fraud (local and international) (ii) current responses by the international banking community to response to such fraud including technological developments.

    • SAMA's Role And Responsibility

      1. SAMA would normally nominal senior officers as its representatives to attend fraud committee meetings. They would act as observers in such forums.
      2. SAMA would respond to issues raised and proposals put forward by banks at its own discretion within a reasonable span of time. These proposals should normally reflect the position of all fraud committee members, and in their own rights be comprehensive and of sufficient overall quality with respect to depth and breadth to facilitate SAMA policy makers to recommend appropriate policy responses.
      3. SAMA representatives are to ensure that to the extent possible, banks are appraised of SAMA policies, directives and viewpoint on issues. Where possible SAMA representatives will put forward the constraints and concerns of other government ministries. Their effort would be to enable the committees to work in a positive and efficient manner.
      4. The meetings are to be conducted with the full knowledge of SAMA and the minutes of Committee meetings to be taken by the secretary of the Committee. These minutes are to be approved by SAMA before being issued.
      5. Keep itself abreast of all international regulatory and prudential developments related to operational risks, fraud, etc.

    • Bank's Role And Responsibilty

      Each bank should nominate, select and appoint its representatives with proper fraud background related to the Committee's mandate. These individuals are responsible for the following;

      1. Keep themselves abreast and aware of all the fraud related rules and regulations issued by SAMA.
      2. To bring to the attention of the Committee the relevant issues and concerns of their bank which require support from other banks as an agenda item for discussion.
      3. To bring to the attention of their bank's relevant management, the deliberation at such meetings of the various matters identified in the agenda and bring any responses thereto from their management to the Committee which may be of interest to the Committee as a whole.
      4. To discuss and deliberate in an open, positive and democratic manner under the guidance of the Chairman.
      5. Keep themselves abreast of major development in fraud management both locally and internationally.
      6. Report all fraud to SAMA and discuss at the Fraud Committee.
      7. Should a particular fraud case, of an internal nature represent a potential embarrassment to a member bank, the bank should discuss the case at the committee level in general terms by not disclosing any particular identities and focusing on the lessons learnt.

    • Committee Officials

      Fraud Committee would have the following official with a term of 1 year each. However, it could be made longer by a unanimous decision of the Committee with SAMA's approval.

      Chairman

      It is the responsibility of the Committee's Chairman who will determine its effectiveness and success because he would normally set its tone, agenda and style. His responsibilities include but not restricted to the following:

      1. Over-all planning of meetings including timings, venues, agenda items, etc.
      2. Obtain approval from SAMA on minutes.
      3. Liaising with SAMA officials, internal and external to the Committee, to do follow-ups on outstanding agenda items, improving the functionality, mandate and objectives of the Committee.
      4. Maintain a professional and effective style and attitude amongst the members of the Committee.
      5. Determine strategies and priorities for the Committee and in implementing new proposal amongst the banks most efficiently.
      6. Solicit and develop new ideas in order to activate and improve on the mandate of the Committee.
      7. Improve and develop the terms of reference document of the Committee in making it more effective and efficient.
      8. At the beginning of each term (every September), the chairman of the committee will submit an update term of reference document to SAMA, outlining its objectives and mandate, significant and key agenda items and priorities for the coming year.
      9. Decide at the Committee level if external consultants are necessary in providing input to a proposal. Final approval for such appointments to be given by SAMA.

      Vice Chairman

      The Vice Chairman shall assist in any way the Chairman in discharging his role and responsibilities as described above. 

      He will be there to officiate instead of the Chairman during his absence or early termination.

      The Secretary

      The secretary's main responsibility would be to take and maintain minutes and obtain SAMA's approval in a reasonable span of time. The minutes must normally be prepared and submitted to SAMA for its approval within one week after the meeting. SAMA is expected to approve the minutes under normal circumstances within one week after their receipt.

    • Types, Nature and Scope of Fraud to Be Discussed as Agenda Items at The Committee.

      It is fully recognized in the interest of internal and external confidentiality, that it would not be easy for banks to air the incidence of all frauds occurring within their bank specifically if it is involving senior officials. In such cases, the banks should discuss the lessons learnt, without detailing any particular personalities or embarrassing details. Consequently, the Agenda, as is the case amongst other banking committees, would be driven by the banks followed by SAMA's approval. Therefore, the banks should plan to bring all fraud cases to the forum keeping in view the overall objective being of exchanging relevant and mutually beneficial information with a view to educate each other and to deliberate on and discuss fraudulent cases.

      The natural benefit for all banks would be to contain fraud. Consequently, the overall success, measured in terms of what the banks get out of this forum in managing fraud, would be totally contingent on the nature and level of commitment by the banks in exchanging and deliberating with each other their expertise, wisdom and experiences.

      In general, what has to be recognized is that this forum is not a reporting mechanism for banks but a mechanism to gain from each other, in the quest to manage fraud, via discussions and deliberation of common, relevant and significant experience

       

    • Quality of Proposals to SAMA

      The proposals before being presented to SAMA need to be seriously thought through and documented by the Committees. Formal proposals outlining the nature of the fraud issue, existing and international practice to combat fraud, an analysis of the merits and demerits of the status quo and of the proposed changes should be submitted to SAMA by the Chairman of the Committee.

      It would be the explicit and direct responsibility of the Chairman of the Committee to submit proposals of sufficient quality in terms of definition, scope, research, etc. to SAMA. What should be clearly understood that it is with the banks and not SAMA where the responsibility of the following lies with respect to proposals being submitted for SAMA's deliberation and approval.

      1. The key issue of the proposal must be clearly defined.
      2. The issue must have the backing of all banks i.e. a complete consensus.
      3. The key problems or risks which have actually happened or are likely to manifest.
      4. Alternatives available to respond to item 3.
      5. Industry practices on the subject issues in major jurisdiction such as UK, US, France, Germany, GCC, etc.
      6. Recommended course of action and a coverage on its efficiency, economy and effectiveness aspects.

    • Proposal And Decision Making by The Committee

      Discussions and deliberations by the Committee often serve as inputs for SAMA in combating fraud in the Kingdom. These discussions are concerned with either existing rules, regulations or practices or for contributing towards new ones.

      It is expected by SAMA that not only is there a consensus on the proposals being submitted, but also there has been sufficient research and analysis carried out by the Committee members to ensure the smooth and practical application of the proposal to combat fraud in the Saudi banking system.

      Committee decisions and proposals would normally be by consensus. However, in the case of dissent a majority vote would apply. No voting by proxy is permitted.

      These proposals would be further studied by SAMA internally or SAMA may at its own discretion solicit external advice and help if necessary on the account of the banks. SAMA may after studying reject any proposal.

    • Selection and Termination of Committee Officials

      Each committee must elect its own set of officials composed of the following offices:

      1. Chairman
      2. Vice Chairman
      3. Secretary

      The selection of each of these officials should take place every September and would be on the basis of majority vote with the following constraints:

      1. Each bank will have one vote.
      2. N proxy vote to be accepted.
      3. no individual can have the same specific within a span of three years.
      4. All official appointments will be approved by SAMA should there be an unexpected departure for any reason of any of the officials to the Committee, before their regular tenure of 1 year, the Committee as a whole via a voting mechanism choose a replacement to serve until the end of the term.

      Any official can be terminated under any of the following circumstances:

      1. Unanimous decision by the Committee and SAMA's approval.
      2. SAMA's sole discretion.

    • Size of The Committee

      The size of the committee will be restricted to maximum of 3 members from each bank. Each bank will have one central permanent representative who is i) expected to come to all meetings in order to maintain continuity ii) coordinate with the other individuals (Max.2) who are to accompany him from the bank representing fraud case or issues to be discussed at a specific meeting as determined by the agenda. The individuals chosen to be a permanent representative will be the one who is an closest to managing fraud at any bank and may be the internal auditor, compliance officer, fraud manager, etc.

    • Confidentiality

      Discussion of fraud, its implications and other ramifications in front of a forum is never easy. Consequently, all deliberations, agenda items, decisions, notifications, etc. are to be strictly confidential. However, all banks must realize that all fraud to the fullest extent possible must be reported and discussed (if material). This is because fraud is not a competitive situation, in that a joint effort in deliberating on lesson learnt to manage fraud is the underlying objective.

      Under certain circumstances, banks may communicate with each other outside the committee on an individual basis and not via a formal committee, if it is deemed in their professional judgment that it would be in the best interest of the banking system.

      Fraud related to employees and particularly senior management would require discretion. However, under such event, it is expected that banks may consult with SAMA, and may just discuss the key lessons learnt without disclosing any embarrassing details.

    • Follw-up Team

      For all major items deemed to be significant by the Chairman, the Chairman in conjunction with SAMA, will appoint two individuals from the Committee to maintain a follow-up on items pending resolution over an unreasonable time span. Such delays may emanate from any of the following situations:

      1. The quality of the proposal in terms of its formatting, documentation, research, clarity, description, reasonableness, etc.
      2. Absence of relevant SAMA executives to give a decision.
      3. Protracted process at SAMA involving opinions, approvals from other relevant government bodies, etc.

      It is expected that these individuals will maintain a follow-up contact with the relevant SAMA officials and provide up update on these issues to the Committee.

    • Sub-Committees

      In order to ensure that issues and proposals are thoroughly deliberated upon, the Chairman of a committee, may at his discretion, but with SAMA's approval appoint a Sub-committee. These Sub-committees would be headed by a Chairman who would have an accountability and responsibility relationship with the Chairman of the main Committee for the terms of reference, reporting, agendas and timing.

      A summarized "Guidelines for Banking Fraud Committees" is attached for easy reference and implementation.

       

    • APPENDIX-1

      • SAMA Guidelines for Banking Fraud Committee

        1. Each Bank is required to nominate one permanent representative to the Committee. The representative should be of an appropriate level within the bank and should have the appropriate knowledge and skills in reference to fraud and its proper management in order to contribute to the proceedings of the Committee. He should also be in a position to make commitments on behalf of the bank and in contributing to the work and decisions of the Committee. The permanent representative would be accompanied by other bank individuals (Max.2) where specific areas of fraud are on the agenda.
        2. Each bank must be represented at each of the Committee meetings. The bank representative(s) is responsible for communication of the proceedings of the meetings, to the relevant personnel within their bank including to the managing directors or the general managers.
        3. Fraud Committee must elect a Chairman, Vice Chairman and Secretary (Committee Officials). The term of the Chairman, Vice Chairman and Secretary will normally last for one year but could be longer by a unanimous decision of the Committee.
        4. The Chairman of Fraud Committee must ensure that all banks participate fully and meets their responsibility to act as Committee Officials.
        5. All banks must be represented in all meetings. Attendance records must be maintained.
        6. SAMA will nominate its own staff to attend meetings.
        7. In circumstances where the Chairman cannot attend the meeting, the Vice Chairman will act as Chairman.
        8. In circumstances where any Fraud Committee official resigns during his term, the Committee must choose a replacement to serve until the end of the term.
        9. Minutes must be taken at each meeting of the Fraud Committee. The minutes for each committee meeting must be submitted to SAMA in a draft form for approval before circulation to the full membership of the Committee.
        10. Fraud Committee meetings should normally be held at the Institute of Banking Bankers Club or at SAMA Head Office. Sub-committee meetings may be held at other locations.
        11. From time to time, Sub-committees may be formed. The Chairman of the main committee may at his discretion delegate the Chair of the sub-committee to another member of the Committee. The sub-committee is fully accountable to the main committee. Proposals to SAMA must be voted upon and made via the main Fraud Committee.
        12. Fraud Committee decisions and proposals will normally be governed by consensus. In the case of dissent, a majority vote will apply. Banks are not permitted to vote by proxy.
        13. Issues to be discussed in a Committee meeting could originate from the banks, SAMA and other sources. When bank representatives agree by a consensus they shall raise the issue as proposals to SAMA.
        14. Proposals made by the Fraud Committee to SAMA must be fully documented and must outline the issues, contain a detailed analysis of the merits and demerits including supporting documentation such as international best practice and the recommendations made by the committee. Proposals requiring major changes in policies or commitment of significant resources must be channeled through the Managing Directors' Committee to ensure their approval.

        It, therefore, follows that central banks by managing operational risks, also attempt to manage or prevent fraud. This is achieved by central banks instituting proper interna) control processes and procedures to ensure asset safeguard and prudential banking practices.

        Some of practices and policies adopted by central banks exclusive of their joint and combined efforts with other central banks include the following:

        1. Policies and procedures prescribing strong internal controls.
        2. Rules pertaining to Audit Committees.
        3. Engaging external auditors and other consultants to ensure that proper controls are in place to combat fraud.
        4. Operational risk manuals.
        5. Training.

        6. Coordination with other law enforcement agencies.

           

      • Fraud Can Take Various Forms

        1. Money Laundering

        Money is laundered today through banks at substantial amounts involving billions of dollar and spans a large number of banks. It is used to conceal criminal activity related to it. Banks today have become major targets in laundering operations because they provide a variety of instruments such as bank drafts, travelers cheques, wire transfers, etc. that can be used to conceal the source of ill-acquired money.

        Because of the on-going sophistication in money laundering and the complexities brought in due to banking automation, many international organizations like the United Nations, Basle Committee on Banking Surevision have issued rules and regulations.

        1. The 1988 Un Convention (Vienna Convention), Against Illicit Traffic in Narcotics and psychotropic substances.
        2. Financial Action Task Force (FATF). Formed at the economic summit of major industrialized countries in 1989. 40 recommendations were promulgated.
        3. European Community (EC). This directive went into effect on 1 january 1993 and each member state has ratified it.
        4. Prevention of criminal use of the banking system for the purpose of money laundering by the Basle Committee (1988).

         

        1. Forgery

        Forgery is the second largest area of operational exposure according to a 1993 study on fraud done by the international public accounting firm of KPMG. Such types of fraud includes simple forgery of cheques and forgery of the come complex negotiable instruments such as LCs, promissory notes, bonds, etc.

        Current document technology such as optical scanners, color laser printers and powerful desktop publishing software now allow creation of forgeries which are virtually undetected except by highly sophisticated means. Here central banks can assist by promoting the institution of tough anti-forgery laws, and rigorous internal control regimes requiring signature authentication and verification and other rule and regulation. Tough anti-forgery laws are already in place in the Kingdom.

        1. Counterfeit Currency

        There are two major trends developing internationally which expose banks to this type of fraud.

        1. . Technology, As with forgery, new technology is also facilitating this type of fraud with new document processing technology.

        2. . Organized Crimes. Many international organizations are involved in supporting large scale counterfeiting operations directed against mainly US dollars. This bogus currency is of extremely high quality and is virtually undetectable by even experienced people.

          Central banks respond to the above with technology by redesigning and incorporating various anti-counterfeit features.

         

        1. Electronic Crime

        Electronic crime represents the fastest growing form of fraud facing banks. Technology has resulted in increased exposure to financial loss (i.e. by alteration of a state of indebtedness) by gaining illegitimate access to computer records. However, there has been reduced risk of physical loss, i.e. theft of cash and other monetary assets. For example, in an EFT environment, cash holdings are drastically reduced, which serves to reduce physical risk. In general, risk of electronic crime presents 4 major areas:

        1. ATMs
        2. Credit Cards
        3. Point of Sale
        4. Commercial Services
          • *Cash management services
          • *Electronic data interchange
        5. Retail Electronic Banking
          • Telephone bill payments
          • PC-based home banking

        Such types of fraud can be combated by the institution of strong internal controls procedures in an electronic environment. These mainly include high technology security controls at the input, processing, recording and programming levels. Central banks institute such controls to maintain the safety and soundness of the banking system. The most common type being inserting false instructions into the bank's system with the intent to divert funds.

        1. Insiders Infidelity

        One of the most common type of frauds bing committed involving substantial amounts are insiders (employees, officers, directors, shareholders, etc.) who can in concert with outsiders (members of national and international networks) act individually or collectively to defraud bank. A prime examples of insider fraud has been the savings and loans (S&L) crisis. One of the greatest factors contributing to this crisis was insider fraud where via false indebtedness or funds were diverted for the benefit of the owners. Other such examples include BCCI. DAIWA, Baring Brothers, etc.

      • Development in SAMA

        Saudi Arabia already has some of the toughest laws to combat frauds related to drug trafficking and an international reputation that it is a hostile environment for such activities.

        Notwithstanding, SAMA as the central bank and as a regulator of the Saudi banking system has also instituted a number of policy measures to combat fraud in the Saudi banking system. More to the point, these measures provide specific guidance to the banks in their aim to combat bank-related frauds.

        Improved Internal Controls in The Banking System

        The Agency has taken various steps to enhance and strengthen the internal control systems at the banks. Such controls are in place to ensure asset safeguard, prudential running of the banks, integrity of financial information and Bonafide authorization of transactions. These controls ensure smooth operations of the banks and provide for safeguard against fraud.

        These measures include the following:

        1. The management of operation risk though appropriate insurance schemes.

        2. Issuance of Internal Control Guidelines by the Agency.

          These guidelines provide for the enhancement and standardization of control systems to ensure that assets specifically liquid assets such as cash and other negotiable instruments are safeguarded.

          It is well known fact that there is overwhelming pre-dominance of fraud related to cash, travelers cheques, ATM cash. etc. Committed by employees and non-employees. Further, recovery of assets lost due to internal or external fraud is remarkably low. Consequently, the institution of sound internal controls is indispensable to prevent fraud.

        3. Issuance of Accounting Standards for Commercial Banks.

          The Agency has also issued accounting standards to ensure Bonafide accounting measurement, recording, treatment and reflection of transactions as a measure to prevent fraud.

          Efficient accounting records are again essential to manage and prevent frauds of various types. These controls relate to asset safeguard, authorization of transactions and to ensure general safety and soundness of banks.

        4. Issuance of a Manual entitled "Rules for Minimum Physical Security Procedures for Saudi Banks"

          The Agency has issued "Rules for Minimum Physical Security Procedures for Saudi Banks." These have been issued to improve the physical security controls of banks.

          The manual contains minimum requirements and standards for security as described below:

         

        1. Minimum requirements for security systems.
        2. Standards for corporate security manual.
        3. Minimum requirements for physical security.
        4. Cash in transit procedures.
        5. Security guards work instructions.

         

        1. Other Support Manuals And Documents

         

        1. Guidelines for the prevention of fraud. This guideline provides a coverage on the steps to be taken in the event of a fraud including collaboration with law enforcement agencies.
        2. Guidelines for the prevention of money laundering. This guideline is a state-of-the-art document and has been composed after consulting various internationally known standards and documents. The Agency has very rigorously pursued this type of fraud in the Kingdom.

         

        1. Rules And Regulation Pertaining to Audit Committees.

         

        1. On-site Inspections

                The Agency's inspection department performs periodic on-site inspection of banks, as circumstances warrant it, to ensure the detection of fraud and also to ensure that the following attributes which are again related to fraud are in place.

        1. Assets are safeguarded.
        2. Proper internal controls and accounting and other records exist and are functioning to detect fraud.
        3. The banks are running in a prudent manner consistent with the objective of safety and soundness.

        4. Transactions are authorized, recorded and re-valued.

          Further, such on-site inspections also reveal if improvements can be made in meeting the above subjects.

         

        1. Manuals under Study

           The following manuals and guidance documents are in the final stages of their completion.

        1. Requirements to have compliance officers to guard against operational risks.

         

        1. Cooperative Procedures with Various Constituencies

         

        1. With Bank's management. The Agency has defined procedures related to coordination and cooperation with the bank's management in the event of an incidence of fraud to provide for an effective deterrent. This entails proper recording of facts, analysis and appropriate steps to be taken.
        2. With law enforcement agencies. The Agency also cooperates with different law enforcement agencies in investigation frauds, forgeries and counterfeit currencies.

         

        1. Training Programs for Law Enforcement Agencies

          The Agency also conducts training programs for law enforcement agencies in relation with economic and financial crimes. For example, SAMA has conducted a six-week training program for the security forces.

         

        1. Fraud Reporting System

          *  SAMA has developed a central fraud data base wherein each bank every six months report their various fraud cases. A central fraud database covering all of the significant facts and analyses has been developed to provide support in framing policies and in investigating cases. Various reports can be extracted from this data base which are planned to be distributed to all the bank.

        *SAMA is reviewing various options to develop a fraud management and investigation system which is planned to provide for a data base to aid in supervising and managing fraud.

        1. Electronic Fund Transfer Project

        SAMA has instituted the EFT system in the Kingdom. This again serves to reduce exposure to physical loss of assets, i.e. cash as there would be a reduced need to hold large amounts of cash at the branches and the need to physically transport it.

        1. Embezzlement, Fraud, And Money Laundering Section

        This is a special unit in the banking inspection department which has been established to conduct studies and research on all aspects of fraud, i.e. current developments, impact of technology, new types of fraud, etc.

        This special unit also assists in conducting investigations and analysis on all types of fraud cases under investigation by SAMA.

        1. Reporting of Fraud by The Banks to SAMA
        • Banks are expected to report all fraud cases to SAMA at the time it is detected.
        • Banks are expected to provide summarized updates on all fraud cases.