To achieve level 3 maturity, a Member Organisation should define, approve, and implement Counter-Fraud controls in line with the Control Requirements of this Framework. This includes the implementation of fraud detection system capability to prevent and proactively detect fraud.

In addition, a Member Organisation should monitor compliance with the Counter-Fraud documentation. The Counter-Fraud documentation should clearly indicate "why", "what" and "how" Counter-Fraud controls should be implemented. The Counter-Fraud documentation consists of Counter-Fraud policies, standards, and procedures.
 

 

The Counter-Fraud Policy should be endorsed and mandated by the Board of the Member Organisation and state "why" countering fraud and protecting customers is important to the Member Organisation. The policy should highlight the overall scope of the Counter-Fraud

Programme, key Counter-Fraud responsibilities and “what” Counter-Fraud principles and objectives should be established.

Based on the Counter-Fraud Policy, Counter-Fraud standards should be developed. These standards define "what" Counter-Fraud controls should be implemented, such as, Due Diligence, authentication, prevention, and detection etc. The standards support and reinforce the Counter-Fraud Policy and are to be considered as Counter-Fraud baselines.

The step-by-step tasks and activities that should be performed by staff of the Member Organisation are detailed in the Counter-Fraud procedures. These procedures prescribe "how" the Counter-Fraud controls, tasks and activities have to be executed in the operating environment.

The actual progress of the implementation, performance and compliance of the Counter-Fraud controls should be periodically monitored using Key Performance Indicators (KPIs).