Principle

Member Organisations should define, approve, implement and maintain a Counter-Fraud Strategy aligning to the overall strategic objectives of the organisation that identifies short and long-term Counter-Fraud initiatives and communicates a plan of action to achieve them.

Control Requirements

a. Counter-Fraud Strategy should be defined, approved, implemented and maintained.
b. Counter-Fraud strategic initiatives should be translated into a defined roadmap including, but not limited to, consideration of:
   1. Timescales to deliver initiatives.
   2. The owner responsible for delivering the initiative.
   3. How the initiatives will close the gaps between current and target environments.
   4. The integration of initiatives into a coherent Counter-Fraud Strategy that aligns with the business strategy.
   5. Dependencies, overlaps, synergies and impacts among projects, and prioritisation.
c. Counter-Fraud Strategy should be aligned with:
   1. The Member Organisation’s overall business strategic objectives.
   2. Broader strategies that may influence fraud risks and controls, e.g., Cyber Security, IT, Financial Crime (Anti-Money Laundering (AML) & Customer Due Diligence (CDD)).
   3. Legal and regulatory compliance requirements of the Member Organisation and any other applicable laws in the Kingdom of Saudi Arabia (KSA).
d. Counter-Fraud Strategy should at a minimum address:
   1. The current state maturity of the Member Organisation, including the most significant fraud-related challenges faced.
   2. The people, process, and technology requirements to deliver the strategy and proactively manage fraud within risk appetite.
   3. The future direction of the Member Organisation’s Counter-Fraud Programme, and the initiatives required to successfully migrate to the desired future state.
   4. Known changes to the fraud landscape (e.g., the increasing digitalisation of financial services products, new external threats, new regulation, or guidance).
e. A Member Organisation should review and, when required, update its Counter-Fraud Strategy on a periodic basis or whenever there is a material change:
   1. Internally (e.g., the Member Organisation’s business model, operational environment, or business strategy).
   2. Externally (e.g., the fraud landscape or applicable laws and regulations).