The Counter-Fraud maturity level will be measured with the help of a predefined maturity model. The Counter-Fraud Maturity Model distinguishes 6 maturity levels (0, 1, 2, 3, 4 and 5), which are summarised in the table below. In order to achieve levels 3, 4 or 5, Member Organisations should first meet all criteria of the preceding maturity levels.

| Maturity Level | Definition and Criteria | Explanation |
| --- | --- | --- |
| 0 Non-existent | - No documentation.<br>- There is no awareness or attention for certain Counter-Fraud controls. | - Counter-Fraud controls are not in place. There may be no awareness of the particular risk area or no current plans to implement such Counter-Fraud controls. |
| 1 Ad-hoc | - Counter-Fraud controls are not or partially defined.<br>- Counter-Fraud controls are performed in an inconsistent way.<br>- Counter-Fraud controls are not fully defined. | - Counter-Fraud control design and execution varies by department or owner.<br>- Counter-Fraud control design may only partially mitigate the identified risk and execution may be inconsistent. |
| 2 Repeatable but informal | - The execution of the Counter-Fraud controls is based on an informal and unwritten, though standardised, practice. | - Repeatable Counter-Fraud controls are in place. However, the control objectives and design are not formally defined or approved.<br>- There is limited consideration for a structured review or testing of a control. |
| 3 Structured and formalised | - Counter-Fraud controls are defined, approved, and implemented in a structured and formalised way.<br>- Fraud detection system capability is implemented and embedded.<br>- The implementation of Counter-Fraud controls can be demonstrated.<br>- Reporting is in place to monitor Counter-Fraud control performance. | - Counter-Fraud policies, standards and procedures are established.<br>- Counter-Fraud controls are implemented and embedded.<br>- Fraud detection system capability is in place to prevent and proactively detect fraud across all products and channels.<br>- Compliance with Counter-Fraud documentation (i.e., policies, standards, and procedures) is monitored, preferably using a governance, risk, and compliance tool (GRC).<br>- Key Performance Indicators are defined and reported to monitor the implementation of controls. |
| 4 Managed and measurable | - The effectiveness of Counter-Fraud controls is periodically assessed and improved when necessary.<br>- These periodic measurements, evaluations and opportunities for improvement are documented. | - Effectiveness of implemented Counter-Fraud controls is measured and periodically evaluated.<br>- Key Risk Indicators and trend reporting are used to monitor position against risk appetite and give an early warning of potential emerging issues.<br>- Results of measurement and evaluation are used to identify opportunities for improvement of the Counter-Fraud controls. |
| 5 Adaptive | - Counter-Fraud controls are subject to a continuous improvement plan. | - The enterprise-wide Counter-Fraud Programme focuses on continuous compliance, effectiveness, and improvement of the Counter-Fraud controls.<br>- Counter-Fraud controls are integrated with enterprise risk management framework and practices. |

Table 1 - Counter-Fraud Maturity Model
The objective of the Framework is to create an effective approach for addressing and managing Counter-Fraud risks within the financial sector. To achieve an appropriate Counter-Fraud maturity level, the Member Organisations should at least operate at maturity level 3 or higher as explained below.